Sniffing Detection within the Network
Krzysztof Cabaj, Marcin Gregorczyk, Wojciech Mazurczyk, Piotr Nowakowski, Piotr Żórawski
Abstract: Sniffing is a crucial part of the network attack where an intruder tries to gather as much information as possible on the devices, protocols and applications residing within the targeted network in order to discover their vulnerabilities. It is typically performed using dedicated software called sniffers and it is based on passively analyzing the traffic exchanged within the network. Due to its passive nature, such malicious actions are quite hard to discover. That is why, in this paper, we first revisit existing approaches and tools known from the state-of-the-art. Then we introduce a novel detection method which is able to identify a suspicious machine using specially crafted network traffic and, based on its reaction, is able to infer whether a sniffer is running or not.
|Publication size in sheets||0.5|
Proceedings of the 14th International Conference on Availability, Reliability and Security - Ares 2019, ICPS, 2019, Association for Computing Machinery, ISBN 978-1-4503-7164-3, 780 p., DOI:10.1145/3339252
|Keywords in English||Network security, sniffing, threat detection|
|Project||Internet of Radio Light. Project leader: Mazurczyk Wojciech, Phone: + 48 22 234-77-11, start date 01-06-2017, planned end date 31-05-2020, IT/2017/horyzont2020/03, Implemented|
|Score||= 70.0, 06-02-2020, ChapterFromConference|
|Publication indicators||= 0|