APIVADS: A novel privacy-preserving pivot attack detection scheme based on statistical pattern recognition
Abstract
Advanced cyber attackers often “pivot” through several devices in such complex infrastructure to obfuscate their footprints and overcome connectivity restrictions. However, prior pivot attack detection strategies present concerning limitations. This paper addresses an improvement of cyber defence with APIVADS, a novel adaptive pivoting detection scheme based on traffic flows to determine cyber adversaries’ presence based on their pivoting behaviour in simple and complex interconnected networks. Additionally, APIVADS is agnostic regarding transport and application protocols. The scheme is optimized and tested to cover remotely connected locations beyond a corporate campus’s perimeters. The scheme considers a hybrid approach between decentralized host-based detection of pivot attacks and a centralized approach to aggregate the results to achieve scalability. Empirical results from our experiments show the proposed scheme is efficient and feasible. For example, a 98.54% detection accuracy near real-time is achievable by APIVADS differentiating ongoing pivot attacks from regular enterprise traffic as TLS, HTTPS, DNS and P2P over the internet.Citation
Marques, R.S., Al-Khateeb, H., Epiphaniou, G. and Maple, C. (2022) APIVADS: A novel privacy-preserving pivot attack detection scheme based on statistical pattern recognition. IEEE Transactions on Information Forensics and Security, 71. pp.700-715Publisher
IEEEJournal
IEEE Transactions on Information Forensics and SecurityAdditional Links
https://ieeexplore.ieee.org/document/9690881Type
Journal articleLanguage
enDescription
This is an accepted manuscript of an article published by IEEE in IEEE Transactions on Information Forensics and Security on 24/01/2022, available online at: https://ieeexplore.ieee.org/document/9690881 The accepted version of the publication may differ from the final published version.ISSN
1556-6013ae974a485f413a2113503eed53cd6c53
10.1109/TIFS.2022.3146076
Scopus Count
Collections
Except where otherwise noted, this item's license is described as https://creativecommons.org/licenses/by-nc-nd/4.0/