多归属设备检测使用时钟倾斜

2017 11th International Conference on Signal Processing and Communication Systems (ICSPCS) Pub Date : 2017-12-01 DOI:10.1109/ICSPCS.2017.8270453

Bryan Martin, M. Tummala, J. McEachen

{"title":"多归属设备检测使用时钟倾斜","authors":"Bryan Martin, M. Tummala, J. McEachen","doi":"10.1109/ICSPCS.2017.8270453","DOIUrl":null,"url":null,"abstract":"The aim of this paper was to determine the feasibility of identifying a device connected to the Internet through multiple interfaces (i.e., multi-homed) using the information provided by passively observing network traffic. Since multi-homed hosts allow an alternate means for outside entities to circumvent the security of a firewall and gain access to a network, it is important for a network's security to be able to detect and remove such devices. In this work, the idea of using clock skew — the difference in perceived time between two system clocks — as a unique signature is utilized to identify hosts on a network that are potentially multi-homed. Testing was done on a software-defined network that contained a multi-homed host. After traffic between hosts was collected and processed, analysis of the confidence intervals of the device's clock skew was conducted to determine if IP addresses originating from the same host could be successfully detected solely from network traffic. Results confirmed that the proposed scheme provided a valid means of detecting a multi-homed device on a network.","PeriodicalId":268205,"journal":{"name":"2017 11th International Conference on Signal Processing and Communication Systems (ICSPCS)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Multi-homed device detection using clock skew\",\"authors\":\"Bryan Martin, M. Tummala, J. McEachen\",\"doi\":\"10.1109/ICSPCS.2017.8270453\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The aim of this paper was to determine the feasibility of identifying a device connected to the Internet through multiple interfaces (i.e., multi-homed) using the information provided by passively observing network traffic. Since multi-homed hosts allow an alternate means for outside entities to circumvent the security of a firewall and gain access to a network, it is important for a network's security to be able to detect and remove such devices. In this work, the idea of using clock skew — the difference in perceived time between two system clocks — as a unique signature is utilized to identify hosts on a network that are potentially multi-homed. Testing was done on a software-defined network that contained a multi-homed host. After traffic between hosts was collected and processed, analysis of the confidence intervals of the device's clock skew was conducted to determine if IP addresses originating from the same host could be successfully detected solely from network traffic. Results confirmed that the proposed scheme provided a valid means of detecting a multi-homed device on a network.\",\"PeriodicalId\":268205,\"journal\":{\"name\":\"2017 11th International Conference on Signal Processing and Communication Systems (ICSPCS)\",\"volume\":\"7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 11th International Conference on Signal Processing and Communication Systems (ICSPCS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSPCS.2017.8270453\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 11th International Conference on Signal Processing and Communication Systems (ICSPCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSPCS.2017.8270453","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

本文的目的是利用被动观察网络流量提供的信息，确定通过多个接口(即多宿主)识别连接到互联网的设备的可行性。由于多宿主主机允许外部实体绕过防火墙的安全性并访问网络，因此能够检测和删除此类设备对于网络的安全性非常重要。在这项工作中，使用时钟偏差(两个系统时钟之间感知到的时间差异)作为唯一签名的想法被用于识别网络上可能为多宿主的主机。测试是在一个包含多宿主主机的软件定义网络上完成的。在收集和处理主机之间的流量后，对设备时钟偏差的置信区间进行分析，以确定是否可以单独从网络流量中成功检测到来自同一主机的IP地址。结果表明，该方案提供了一种有效的检测网络上多归属设备的方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Multi-homed device detection using clock skew

The aim of this paper was to determine the feasibility of identifying a device connected to the Internet through multiple interfaces (i.e., multi-homed) using the information provided by passively observing network traffic. Since multi-homed hosts allow an alternate means for outside entities to circumvent the security of a firewall and gain access to a network, it is important for a network's security to be able to detect and remove such devices. In this work, the idea of using clock skew — the difference in perceived time between two system clocks — as a unique signature is utilized to identify hosts on a network that are potentially multi-homed. Testing was done on a software-defined network that contained a multi-homed host. After traffic between hosts was collected and processed, analysis of the confidence intervals of the device's clock skew was conducted to determine if IP addresses originating from the same host could be successfully detected solely from network traffic. Results confirmed that the proposed scheme provided a valid means of detecting a multi-homed device on a network.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 11th International Conference on Signal Processing and Communication Systems (ICSPCS)

自引率

0.00%

发文量