Exploitation of NetEm Utility for Non-payload-based Obfuscation Techniques Improving Network Anomaly Detection

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F17%3APU126370" target="_blank" >RIV/00216305:26230/17:PU126370 - isvavai.cz</a>

Výsledek na webu

<a href="https://link.springer.com/book/10.1007%2F978-3-319-59608-2" target="_blank" >https://link.springer.com/book/10.1007%2F978-3-319-59608-2</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-319-59608-2" target="_blank" >10.1007/978-3-319-59608-2</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Exploitation of NetEm Utility for Non-payload-based Obfuscation Techniques Improving Network Anomaly Detection

Popis výsledku v původním jazyce

The main objective of our work is to aid in the improvement of attack detection capabilities of machine learning based network anomaly detection. The paper leverages several techniques aimed at obfuscation of remote attacks which are based on the modification of various properties of network flows. We present a tool, based on NetEm utility and Metasploit framework, which serves for automatic exploitation of network vulnerabilities enabling utilization of obfuscation techniques. The tool is applied to the chosen set of network attacks and later we use captured data for data mining experiments employing anomaly detection features called Advanced Security Network Metrics which were designed in our previous work. Experiments confirm the assumption of achieving a better classification recall and precision only in the case of obfuscated attacks are included into a training process of the Naive Bayes classifier compared to training without prior knowledge about them. We perform accuracy evaluation of all suggested obfuscations, whereby the most successful ones are based on combinations of several techniques and damaging of packets. Experimentally, our approach does not consider a normalizer of network traffic, as there were described performance and platform dependence issues with normalizers as well as differences and problems with various implementations.

Název v anglickém jazyce

Exploitation of NetEm Utility for Non-payload-based Obfuscation Techniques Improving Network Anomaly Detection

Popis výsledku anglicky

The main objective of our work is to aid in the improvement of attack detection capabilities of machine learning based network anomaly detection. The paper leverages several techniques aimed at obfuscation of remote attacks which are based on the modification of various properties of network flows. We present a tool, based on NetEm utility and Metasploit framework, which serves for automatic exploitation of network vulnerabilities enabling utilization of obfuscation techniques. The tool is applied to the chosen set of network attacks and later we use captured data for data mining experiments employing anomaly detection features called Advanced Security Network Metrics which were designed in our previous work. Experiments confirm the assumption of achieving a better classification recall and precision only in the case of obfuscated attacks are included into a training process of the Naive Bayes classifier compared to training without prior knowledge about them. We perform accuracy evaluation of all suggested obfuscations, whereby the most successful ones are based on combinations of several techniques and damaging of packets. Experimentally, our approach does not consider a normalizer of network traffic, as there were described performance and platform dependence issues with normalizers as well as differences and problems with various implementations.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

Výsledek vznikl pri realizaci vícero projektů. Více informací v záložce Projekty.

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2017

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of 12th International Conference on Security and Privacy in Communication Networks

ISBN

978-3-319-59607-5

ISSN

—

e-ISSN

—

Počet stran výsledku

4

Strana od-do

770-773

Název nakladatele

Springer International Publishing

Místo vydání

Guangzhou

Místo konání akce

Guangzhou, People's Republic of China

Datum konání akce

10. 10. 2016

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—