一种概率异常检测方案，用于检测DHCP饥渴攻击

2016 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS) Pub Date : 2016-11-01 DOI:10.1109/ANTS.2016.7947848

Nikhil Tripathi, N. Hubballi

{"title":"一种概率异常检测方案，用于检测DHCP饥渴攻击","authors":"Nikhil Tripathi, N. Hubballi","doi":"10.1109/ANTS.2016.7947848","DOIUrl":null,"url":null,"abstract":"Dynamic Host Configuration Protocol (DHCP) is used by clients in a network to configure their interface with IP address. DHCP is vulnerable to a popularly known Denial of Service (DoS) attack called DHCP starvation attack. In this paper, we highlight the practical difficulties of creating conventional starvation attack in wireless networks (802.11) and also describe two new variations of attacks which can be easily launched in wireless networks. Subsequently, we also propose an anomaly detection system which can detect all variations of starvation attacks. This anomaly detection system generates a probability distribution of various DHCP messages collected from a particular network as a normal profile and subsequently compare the current activity to this profile to detect starvation attacks. We experiment with different types of starvation attacks in a real network setup and report detection performance of our proposed method.","PeriodicalId":248902,"journal":{"name":"2016 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"A probabilistic anomaly detection scheme to detect DHCP starvation attacks\",\"authors\":\"Nikhil Tripathi, N. Hubballi\",\"doi\":\"10.1109/ANTS.2016.7947848\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Dynamic Host Configuration Protocol (DHCP) is used by clients in a network to configure their interface with IP address. DHCP is vulnerable to a popularly known Denial of Service (DoS) attack called DHCP starvation attack. In this paper, we highlight the practical difficulties of creating conventional starvation attack in wireless networks (802.11) and also describe two new variations of attacks which can be easily launched in wireless networks. Subsequently, we also propose an anomaly detection system which can detect all variations of starvation attacks. This anomaly detection system generates a probability distribution of various DHCP messages collected from a particular network as a normal profile and subsequently compare the current activity to this profile to detect starvation attacks. We experiment with different types of starvation attacks in a real network setup and report detection performance of our proposed method.\",\"PeriodicalId\":248902,\"journal\":{\"name\":\"2016 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ANTS.2016.7947848\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ANTS.2016.7947848","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

摘要

DHCP (Dynamic Host Configuration Protocol)是网络中的客户端为其接口配置IP地址的协议。DHCP容易受到一种众所周知的拒绝服务攻击(DoS)，即DHCP饥饿攻击。在本文中，我们强调了在无线网络(802.11)中创建传统饥饿攻击的实际困难，并描述了可以在无线网络中轻松发起的两种新的攻击变体。随后，我们还提出了一种能够检测各种饥饿攻击的异常检测系统。此异常检测系统生成从特定网络收集的各种DHCP消息的概率分布，并将其作为正常配置文件，随后将当前活动与该配置文件进行比较，以检测饥饿攻击。我们在真实的网络设置中对不同类型的饥饿攻击进行了实验，并报告了我们提出的方法的检测性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A probabilistic anomaly detection scheme to detect DHCP starvation attacks

Dynamic Host Configuration Protocol (DHCP) is used by clients in a network to configure their interface with IP address. DHCP is vulnerable to a popularly known Denial of Service (DoS) attack called DHCP starvation attack. In this paper, we highlight the practical difficulties of creating conventional starvation attack in wireless networks (802.11) and also describe two new variations of attacks which can be easily launched in wireless networks. Subsequently, we also propose an anomaly detection system which can detect all variations of starvation attacks. This anomaly detection system generates a probability distribution of various DHCP messages collected from a particular network as a normal profile and subsequently compare the current activity to this profile to detect starvation attacks. We experiment with different types of starvation attacks in a real network setup and report detection performance of our proposed method.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS)

自引率

0.00%

发文量