Abstract
In general, network attacks should be prohibited, and information security technology should help improve trust in network communication. Almost all network communication is based on IP packets, which are standardized by an international organization, so a network attack does not work unless it follows the standardized manner. A network attack therefore also leaks information about the adversaries through their IP packets. In this paper, we propose a new network attack strategy that counter-attacks the adversary. We collect and analyze IP packets from the adversary and derive a network topology map of the adversary. The characteristics of the topology map can be analyzed by the eigenvalue of the topology matrix. We observe how these characteristics change under attack scenario simulations, and then choose the most effective or suitable network counter-attack strategy. We propose two kinds of attack scenarios and three types of tactics, and we show example attacks using actual data on adversaries observed by our dark-net monitoring.
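The eigenvalue analysis described in the abstract, as an added illustration that is not code from the paper: it builds a graph from hop paths, computes the largest eigenvalue, and shows how that value changes when each node is lost. Assumptions: the "topology matrix" is taken to be the undirected adjacency matrix, the characteristic is its largest eigenvalue, and the hop paths are constructed sample data.

```python
import math

def build_graph(paths):
    """Undirected adjacency sets from hop-by-hop paths (assumed input format)."""
    adj = {}
    for path in paths:
        for node in path:
            adj.setdefault(node, set())
        for a, b in zip(path, path[1:]):
            adj[a].add(b)
            adj[b].add(a)
    return adj

def spectral_radius(adj, iters=2000, tol=1e-12):
    """Largest adjacency eigenvalue, by power iteration on A + I."""
    # The +I shift stops the iteration oscillating on bipartite graphs
    # (trees, paths), whose spectra are symmetric around zero.
    nodes = sorted(adj)
    if not nodes:
        return 0.0
    x = {n: 1.0 for n in nodes}
    lam = prev = 0.0
    for _ in range(iters):
        y = {n: x[n] + sum(x[m] for m in adj[n]) for n in nodes}  # (A + I) x
        norm = math.sqrt(sum(v * v for v in y.values()))
        y = {n: v / norm for n, v in y.items()}
        # Rayleigh quotient of the shifted matrix, then undo the shift
        lam = sum(y[n] * (y[n] + sum(y[m] for m in adj[n])) for n in nodes) - 1.0
        if abs(lam - prev) < tol:
            break
        x, prev = y, lam
    return lam

def remove_node(adj, dropped):
    return {n: nbrs - {dropped} for n, nbrs in adj.items() if n != dropped}

def removal_impact(adj):
    """Spectral radius left after losing each node, smallest remainder first."""
    base = spectral_radius(adj)
    rows = [(n, spectral_radius(remove_node(adj, n))) for n in adj]
    return base, sorted(rows, key=lambda r: (r[1], r[0]))

# Constructed sample: hop paths seen from one sensor "S" (not data from the paper)
SAMPLE_PATHS = [["S", "R1", "R2", "A"], ["S", "R1", "R2", "B"],
                ["S", "R1", "R3", "C"], ["S", "R1", "R4"]]

if __name__ == "__main__":
    base, rows = removal_impact(build_graph(SAMPLE_PATHS))
    print(f"baseline spectral radius: {base:.4f}")
    for node, lam in rows:
        print(f"without {node}: {lam:.4f}")
```

The same measurement applies to a map of one's own network, where a node whose loss collapses the spectral radius marks a single point of structural dependence.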
Acknowledgments
Special thanks to Capt. Kengo Komoriya, Japan Ground Self Defense Force. Without his computer simulations and great sense of humor, this research work would not have been possible. This work was supported by JSPS KAKENHI Grant Number 24560491.
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Tanaka, H. (2016). Network Counter-Attack Strategy by Topology Map Analysis. In: Ray, I., Gaur, M., Conti, M., Sanghi, D., Kamakoti, V. (eds) Information Systems Security. ICISS 2016. Lecture Notes in Computer Science, vol 10063. Springer, Cham. https://doi.org/10.1007/978-3-319-49806-5_13
DOI: https://doi.org/10.1007/978-3-319-49806-5_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49805-8
Online ISBN: 978-3-319-49806-5
eBook Packages: Computer Science (R0)