Detail výsledku

Exploitation of NetEm Utility for Non-payload-based Obfuscation Techniques Improving Network Anomaly Detection

HOMOLIAK, I.; TEKNŐS, M.; BARABAS, M.; HANÁČEK, P. Exploitation of NetEm Utility for Non-payload-based Obfuscation Techniques Improving Network Anomaly Detection. In Proceedings of 12th International Conference on Security and Privacy in Communication Networks. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. Guangzhou: Springer International Publishing, 2017. p. 770-773. ISBN: 978-3-319-59607-5.
Typ
článek ve sborníku konference
Jazyk
anglicky
Autoři
Homoliak Ivan, doc. Ing., Ph.D., UITS (FIT)
Teknős Martin, Ing.
Barabas Maroš, Ing., Ph.D., UITS (FIT)
Hanáček Petr, doc. Dr. Ing., UITS (FIT)
Abstrakt

The main objective of our work is to aid in the improvement of attack detection capabilities of machine learning based network anomaly detection. The paper leverages several techniques aimed at obfuscation of remote attacks which are based on the modification of various properties of network flows. We present a tool, based on NetEm utility and Metasploit framework, which serves for automatic exploitation of network vulnerabilities enabling utilization of obfuscation techniques. The tool is applied to the chosen set of network attacks and later we use captured data for data mining experiments employing anomaly detection features called Advanced Security Network Metrics which were designed in our previous work. Experiments confirm the assumption of achieving a better classification recall and precision only in the case of obfuscated attacks are included into a training process of the Naive Bayes classifier compared to training without prior knowledge about them. We perform accuracy evaluation of all suggested obfuscations, whereby the most successful ones are based on combinations of several techniques and damaging of packets. Experimentally, our approach does not consider a normalizer of network traffic, as there were described performance and platform dependence issues with normalizers as well as differences and problems with various implementations.

Klíčová slova

NetEm,
Network anomaly detection,
Intrusion detection,
Obfuscation, 
Evasion,
Naive Bayes 

URL
Rok
2017
Strany
770–773
Sborník
Proceedings of 12th International Conference on Security and Privacy in Communication Networks
Řada
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Konference
The 12th EAI International Conference on Security and Privacy in Communication Networks
ISBN
978-3-319-59607-5
Vydavatel
Springer International Publishing
Místo
Guangzhou
DOI
10.1007/978-3-319-59608-2
EID Scopus
2-s2.0-85021722184
BibTeX 
@inproceedings{BUT144383,
  author="Ivan {Homoliak} and Martin {Teknős} and Maroš {Barabas} and Petr {Hanáček}",
  title="Exploitation of NetEm Utility for Non-payload-based Obfuscation Techniques Improving Network Anomaly Detection",
  booktitle="Proceedings of 12th International Conference on Security and Privacy in Communication Networks",
  year="2017",
  series="Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering",
  pages="770--773",
  publisher="Springer International Publishing",
  address="Guangzhou",
  doi="10.1007/978-3-319-59608-2",
  isbn="978-3-319-59607-5",
  url="https://link.springer.com/book/10.1007%2F978-3-319-59608-2"
}
Soubory
Projekty
AQUAS: Agregované metody řízení kvality, EU, Horizon 2020, 8A17001, 737475, zahájení: 2017-05-01, ukončení: 2020-04-30, ukončen
Bezpečné a spolehlivé počítačové systémy, VUT, Vnitřní projekty VUT, FIT-S-17-4014, zahájení: 2017-03-01, ukončení: 2020-02-29, ukončen
IT4Innovations excellence in science, MŠMT, Národní program udržitelnosti II, LQ1602, zahájení: 2016-01-01, ukončení: 2020-12-31, ukončen
Výzkumné skupiny
Výzkumná skupina bezpečnosti informačních technologií (VZ Security@FIT)
Pracoviště
Ústav inteligentních systémů (UITS)
Nahoru