University of Khartoum

A Cross-protocol approach to detect TCP Hijacking attacks

A Cross-protocol approach to detect TCP Hijacking attacks

Show full item record

Title: A Cross-protocol approach to detect TCP Hijacking attacks
Author: Chan, H. Anthony; Barry, Bazara
Abstract: More efficient Intrusion Detection Systems (IDSs) have become a necessity because the nature of Internet attacks and the methods used by attackers are changing significantly. Many recent attacks take advantage of more than one protocol at a time which results in an unacceptable high level of false negatives and false positives in traditional IDSs. In this paper, we propose a novel design and implementation of TCP extended finite state machine with TCP hijacking in mind. Our design is based on a cross-protocol detection mechanism which assists TCP detection module with information from other protocols involved (especially IP), and makes TCP parameters available for other protocols participating in the session. The way our system is designed enables it to help a wide range of applications that use TCP protocol, to detect session attacks. The system is tested with TCP hijacking attacks and shows a promising detection accuracy and low runtime impact.
URI: http://khartoumspace.uofk.edu/handle/123456789/17984
Date: 2015-12-27


Files in this item

Files Size Format View

This item appears in the following Collection(s)

Show full item record

Share

Search DSpace


Browse

My Account