A Cross-protocol approach to detect TCP Hijacking attacks

Author

Barry, Bazara I A ; Chan, H. Anthony

Author_Institution

Dept. of Electr. Eng., Univ. of Cape Town, Cape Town, South Africa

fYear

2007

fDate

24-27 Nov. 2007

Firstpage

57

Lastpage

60

Abstract

More efficient intrusion detection systems (IDSs) have become a necessity because the nature of Internet attacks and the methods used by attackers are changing significantly. Many recent attacks take advantage of more than one protocol at a time, which results in poor detection accuracy in traditional IDSs. In this paper, we propose a novel design and implementation of TCP extended finite state machine with TCP hijacking in mind. Our design is based on a cross-protocol detection mechanism which assists TCP detection module with information from other protocols involved (especially IP), and makes TCP parameters available for other protocols participating in the session. The way our system is designed enables it to help a wide range of applications that use TCP protocol, to detect session attacks. The system is tested with TCP hijacking attacks among others and shows promising detection accuracy.

Keywords

Internet; finite state machines; security of data; transport protocols; Internet attacks; TCP Hijacking attacks detection; TCP protocol; cross-protocol approach; extended finite state machine; intrusion detection systems; Automata; Cities and towns; IP networks; Internet telephony; Intrusion detection; Monitoring; Phase detection; Protocols; Signal processing; TCPIP; Cross protocol; extended finite state machines; finite state machines; intrusion detection;

fLanguage

English

Publisher

ieee

Conference_Titel

Signal Processing and Communications, 2007. ICSPC 2007. IEEE International Conference on

Conference_Location

Dubai

Print_ISBN

978-1-4244-1235-8

Electronic_ISBN

978-1-4244-1236-5

Type

conf

DOI

10.1109/ICSPC.2007.4728254

Filename

4728254