Change search
ReferencesLink to record
Permanent link

Direct link
Multipath TCP IDS Evasion and Mitigation
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science. (PriSec)ORCID iD: 0000-0001-9886-6651
Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Health, Science and Technology (starting 2013). (PriSec)ORCID iD: 0000-0003-0778-4736
2015 (English)In: Information Security: 18th International Conference, ISC 2015, Trondheim, Norway, September 9-11, 2015, Proceedings, Springer, 2015, Vol. 9290, 265-282 p.Conference paper (Refereed)
Abstract [en]

The existing network security infrastructure is not ready for future protocols such as Multipath TCP (MPTCP). The outcome is that middleboxes are configured to block such protocols. This paper studies the security risk that arises if future protocols are used over unaware infrastructures. In particular, the practicality and severity of cross-path fragmentation attacks utilizing MPTCP against the signature-matching capability of the Snort intrusion detection system (IDS) is investigated. Results reveal that the attack is realistic and opens the possibility to evade any signature-based IDS. To mitigate the attack, a solution is also proposed in the form of the MPTCP Linker tool. The work outlines the importance of MPTCP support in future network security middleboxes.

Place, publisher, year, edition, pages
Springer, 2015. Vol. 9290, 265-282 p.
Series
, Lecture Notes in Computer Science, ISSN 0302-9743 ; 9290
National Category
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-39058DOI: 10.1007/978-3-319-23318-5_15ISI: 000363678700015ISBN: 978-3-319-23317-8OAI: oai:DiVA.org:kau-39058DiVA: diva2:895187
Conference
The 18th Information Security Conference (ISC), Trondheim, Norway, September 9-11, 2015.
Available from: 2016-01-18 Created: 2016-01-18 Last updated: 2016-06-20Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full texthttp://link.springer.com/chapter/10.1007%2F978-3-319-23318-5_15

Search in DiVA

By author/editor
Afzal, ZeeshanLindskog, Stefan
By organisation
Department of Mathematics and Computer ScienceDepartment of Computer ScienceFaculty of Health, Science and Technology (starting 2013)
Computer Science

Search outside of DiVA

GoogleGoogle Scholar

Altmetric score

Total: 198 hits
ReferencesLink to record
Permanent link

Direct link