APIVADS: A novel privacy-preserving pivot attack detection scheme based on statistical pattern recognition
MetadataShow full item record
AbstractAdvanced cyber attackers often “pivot” through several devices in such complex infrastructure to obfuscate their footprints and overcome connectivity restrictions. However, prior pivot attack detection strategies present concerning limitations. This paper addresses an improvement of cyber defence with APIVADS, a novel adaptive pivoting detection scheme based on traffic flows to determine cyber adversaries’ presence based on their pivoting behaviour in simple and complex interconnected networks. Additionally, APIVADS is agnostic regarding transport and application protocols. The scheme is optimized and tested to cover remotely connected locations beyond a corporate campus’s perimeters. The scheme considers a hybrid approach between decentralized host-based detection of pivot attacks and a centralized approach to aggregate the results to achieve scalability. Empirical results from our experiments show the proposed scheme is efficient and feasible. For example, a 98.54% detection accuracy near real-time is achievable by APIVADS differentiating ongoing pivot attacks from regular enterprise traffic as TLS, HTTPS, DNS and P2P over the internet.
CitationMarques, R.S., Al-Khateeb, H., Epiphaniou, G. and Maple, C. (2022) APIVADS: A novel privacy-preserving pivot attack detection scheme based on statistical pattern recognition. IEEE Transactions on Information Forensics and Security, 71. pp.700-715
JournalIEEE Transactions on Information Forensics and Security
DescriptionThis is an accepted manuscript of an article published by IEEE in IEEE Transactions on Information Forensics and Security on 24/01/2022, available online at: https://ieeexplore.ieee.org/document/9690881 The accepted version of the publication may differ from the final published version.
Except where otherwise noted, this item's license is described as https://creativecommons.org/licenses/by-nc-nd/4.0/