Authentix: Detecting anonymized attacks via automated authenticity profiling

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

In the modern era of cyber-security attackers are persistent in their attempts to hide and mask the origin of their attacks. In many cases, attacks are launched from spoofed or unknown Internet addresses, which makes investigation a challenging task. While protection from anonymized attacks is an important goal, detection of anonymized traffic is also important in its own right, because it allows defenders to take necessary preventative and defensive steps at an early stage, even before the attack itself has begun. In this paper we present AuthentIx, a system which measures the authenticity of the sources of Internet traffic. In order to measure the authenticity of traffic sources, our system uses passive and active profiling techniques, which are employed in both the network and the application protocols. We also show that performing certain cross-views between different communications layers can uncover inconsistencies and find clients which are suspicious. We present our system design and describe its implementation, and evaluate AuthentIx on traffic from authentic and non-authentic sources. Results show that our system can successfully detect anonymous and impersonated attackers, and furthermore, can be used as a general framework to cope with new anonymization and hiding techniques.

Original languageEnglish
Title of host publicationFuture Network Systems and Security - 2nd International Conference, FNSS 2016, Proceedings
EditorsWei Zhou, Selwyn Piramuthu, Robin Doss
PublisherSpringer Verlag
Pages1-11
Number of pages11
ISBN (Print)9783319480206
DOIs
StatePublished - 1 Jan 2016
Event2nd International Conference on Future Network Systems and Security, FNSS 2016 - Paris, France
Duration: 23 Nov 201625 Nov 2016

Publication series

NameCommunications in Computer and Information Science
Volume670
ISSN (Print)1865-0929

Conference

Conference2nd International Conference on Future Network Systems and Security, FNSS 2016
Country/TerritoryFrance
CityParis
Period23/11/1625/11/16

Keywords

  • Anonymization
  • Attacks
  • IP profiling
  • Onion routing
  • Proxy
  • VPN

ASJC Scopus subject areas

  • General Computer Science
  • General Mathematics

Fingerprint

Dive into the research topics of 'Authentix: Detecting anonymized attacks via automated authenticity profiling'. Together they form a unique fingerprint.

Cite this