IPSec Tunnel

Network-Based Anomaly Detection Using Discriminant Analysis

ABSTRACT

Anomaly-based Intrusion Detection Systems (IDS) can be a valuable tool for detecting novel network attacks. This paper analyzes the use of linear and non-linear discriminant analysis on packet header information from Transport and Internet layers of the TCP/IP model to classify packets as normal or abnormal. By training on normal traffic for a particular service (web and secure shell) and known attacks, the classifier can automatically identify differences between packets that may be used to classify future unknown traffic.

Malware-based Information Leakage over IPSec Tunnels

ABSTRACT

IPSec-based protocols are often presented by practitioners of information security as an efficient solution to prevent attacks against data exchange. More generally, use of encryption to protect communication channels or to seclude sensitive networks is seen as the ultimate defence. Unfortunately, this confidence is illusory since such “armoured” protocols can be manipulated or corrupted by an attacker to leak information whenever an access is managed with simple user’s permission. In this paper, we present how an attacker and/or a malware can subvert and bypass IPSec-like protocols to leak data from the system under attack. By using a covert channel, we show how to code the information to be stolen, how to insert it in the legitimate encrypted traffic and finally collect/decode the information on the attacker’s side. We first present how to exploit the covert channel and to steal sensitive data without triggering any alert. Subsequently, the detailed results of extensive experiments to validate the attack techniques on an operational level are given. Finally, some potential prevention and protection techniques are presented to limit such attacks. However, this analysis demonstrates that residual weaknesses are bound to remain unless the communication protocols involved are significantly modified.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Keywords

A

AI
APT

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

M

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com