Attacking a packet Analyzer: Caronte case study / Granata, D.; Rak, M.; Grimaldi, F. - (2023), pp. 269-274. (Paper presented at the 3rd IEEE International Conference on Cyber Security and Resilience, CSR 2023, held in ita in 2023) [10.1109/CSR57506.2023.10224918].

Attacking a packet Analyzer: Caronte case study

Granata D.; Rak M.
2023

Abstract

Network traffic analysis tools are now commonly adopted as a protection against possible cyberattacks, but attackers have become increasingly skilled at building more and more complex attacks in order to avoid IDS/IPS action, typically through the adoption of evasion that hides attacks from the monitoring system. In this paper, we test an innovative idea for building attacks, which relies on carrying out attacks against a specific component of an IDS/IPS, the packet analyzer, in order to make it (at least temporarily) unavailable, hiding possible attacks against the services. In order to explore the feasibility of the approach, we focused on a particular usage example: the network traffic analysis performed during an attack/defence Capture the Flag (CTF), a cybersecurity competition where different teams attempt to find vulnerabilities in services run by the opposing team, fix them and build exploits to perform attacks. It is worth noting that such a scenario also enabled us to work in a protected context, avoiding producing attacks that can be exploited in a production environment. Accordingly, noting that the state of the art shows a lack of results with respect to the proposed approach, we performed a security assessment of the chosen tools and demonstrated the feasibility of the approach, concluding that these attack patterns should be taken into consideration when building a protection system.
Use this identifier to cite or link to this document: https://hdl.handle.net/11588/987437