Listing by keyword "Intrusion Detection System"
- Conference paper: Abusers don’t get Privacy. Sensitively Logging and Blocking Tor Abuse (SICHERHEIT 2020, 2020). Marx, Matthias.
  Tor has a significant problem with malicious traffic routed through Tor exit nodes. They create a credible reason for websites to discriminate against Tor users. The abuse also creates a strong disincentive to run exit nodes since the exit node operators have to deal with abuse messages and possible law enforcement interactions. We want to detect and mitigate the attacks that happen through Tor exit nodes without undermining Tor users’ anonymity and privacy. We use a modified version of the Tor exit node to enable NIDS (Network Intrusion Detection) monitoring and termination of malicious activity on a per-circuit level. We use the Zeek IDS (formerly Bro) to detect attacks using robust mechanisms that have very low false positive rates. Initial results indicate that, using our approach, the number of abuse cases can be reduced.
- Text document: Assessment of Current Intrusion Detection System Concepts for Intra-Vehicle Communication (INFORMATIK 2020, 2021). Schell, Oleg; Reinhard, Jan Peter; Kneib, Marcel; Ring, Martin.
  Nowadays, vehicles incorporate a lot of electronics, which offer both advanced functionalities but also a great attack surface. Once having access to the communication network, an attacker can control critical functions like accelerating or steering. One possibility to detect these malicious intentions consists in the implementation of IDSs, which will even become mandatory via UN regulations in the future. Therefore, it is important for manufacturers and engineers to understand the opportunities and challenges of IDSs in the automotive environment. Giving an overview on these detection mechanisms is the primary goal of this elaboration. After the current vehicular communication architectures and protocols are outlined, potential attacks on the communication network are addressed. Afterwards, existing IDS concepts are presented, while the general requirements on these systems from an automotive perspective are stated and described next. Following the discussion on how to react to a detection, the elaboration is concluded with an outlook on what has still to be achieved to successfully integrate present IDSs into a vehicle.
- Text document: On the Fingerprinting of Electronic Control Units Using Physical Characteristics in Controller Area Networks (INFORMATIK 2017, 2017). Kneib, Marcel; Huth, Christopher.
  More and more connected features, like up-to-date maps or car-to-car communication, are added to our vehicles. Besides comfort and environmental benefits, those connections also enable attackers to cause high damages, as Miller and Valasek had shown with their remote hack of a Jeep Cherokee [MV15]. The exploited vulnerability caused a recall of 1.4 million vehicles. Such attacks are possible since no security mechanisms and no sender information are present in the Controller Area Network. Unfortunately, classical cryptographic algorithms cannot be added easily, due to its small payload size. A promising opportunity to increase security is to exploit physical information included in the received messages by extracting fingerprints. These allow to identify the sender of received messages, which can enhance detection or prevention of attacks. In the following, we impart the needed background and give an overview of the two known approaches to expand the Controller Area Network with sender identification.
- Conference paper: A Survey on Sender Identification Methodologies for the Controller Area Network (SICHERHEIT 2020, 2020). Kneib, Marcel.
  The connectivity of modern vehicles is constantly increasing and consequently also the amount of attack vectors. Researchers have shown that it is possible to access internal vehicle communication via wireless connections, allowing the manipulation of safety-critical functions such as brakes and steering. If an Electronic Control Unit (ECU) can be compromised and is connected to the internal vehicle bus, attacks on the vehicle can be carried out in particular by impersonating other bus participants. Problematic is that the Controller Area Network (CAN), the most commonly used bus technology for internal vehicle communication, does not provide trustworthy information about the sender. Thus ECUs are not able to recognize whether a received message was sent by an authorized sender. Due to the limited applicability of cryptographic measures for the CAN, sender identification methods were presented that can determine the sender of a received message based on physical characteristics. Such approaches can increase the security of internal vehicle networks so that, for example, the manipulations can be limited to a single bus segment, thus preventing the propagation of the attack. This paper presents the different methodologies, which can mainly be divided into the categories time- and voltage-based, identifies problems as well as open questions and compares the existing approaches. The work thus offers an introduction into the topic, identifies possible research fields and enables a quick evaluation of the existing technologies.