Scan Prediction and Reconnaissance Mitigation through Commodity Graphics Cards

Conference Paper (2016)
Author(s)

Christian Doerr (TU Delft - Electrical Engineering, Mathematics and Computer Science)

Mourad El Maouchi

Sille Kamoen

Jarno Moree

Research Group
Cyber Security
DOI related publication
https://doi.org/10.1109/CNS.2016.7860496 Final published version
Publication Year
2016
Language
English
Pages (from-to)
1-9
Event
IEEE Conference on Communications and Network Security, ICNS 2016 (2016-10-17 - 2016-10-19), Philadelphia, United States

Abstract

In order to protect ICT systems against remote attacks and exploitation, insight into which systems are targeted is necessary as soon as possible. Given the lack of advance information, current network-based attack detection and mitigation techniques, such as virus scanners or intrusion prevention systems, are typically aimed at countering the delivery and exploitation. This paper presents a novel approach capable of detecting threats while they scan a local network for potential targets and even before an intrusion attack has been made. This allows the defender to single out scan traffic and selectively deny access to an attacker performing reconnaissance while maintaining the availability to other users. We implement a proof-of-concept on commodity graphics cards, and demonstrate fast prediction of scanner behavior on a /16 network telescope.