TY - GEN
T1 - A game-theoretic approach for deceiving remote operating system fingerprinting
AU - Rahman, Mohammad Ashiqur
AU - Manshaei, Mohammad Hossein
AU - Al-Shaer, Ehab
PY - 2013
Y1 - 2013
N2 - Remote Operating System (OS) Fingerprinting is a precursory step for launching attacks on the Internet. As a precaution against potential attacks, a remote machine can take a proactive counter-strategy to deceive fingerprinters. This is done by normalizing or mystifying the distinguishing behaviors in the packets. However, the unified modification causes significant performance degradation to benign clients. Using a game-theoretic approach, we propose a selective and dynamic mechanism for counter-fingerprinting. We first model and analyze the interaction between a fingerprinter and a target as a signaling game. We derive the Nash equilibrium strategy profiles based on the information gain analysis. Based on our game results, we design DeceiveGame, a mechanism to prevent or to significantly slow down fingerprinting attacks. Our game-theoretic approach appropriately distinguishes a fingerprinter from a benign client and mystifies packets to confuse the fingerprinter, while minimizing the side effects on benign clients. Our performance analysis shows that DeceiveGame can reduce the probability of success of the fingerprinter significantly, without deteriorating the overall performance of other clients.
AB - Remote Operating System (OS) Fingerprinting is a precursory step for launching attacks on the Internet. As a precaution against potential attacks, a remote machine can take a proactive counter-strategy to deceive fingerprinters. This is done by normalizing or mystifying the distinguishing behaviors in the packets. However, the unified modification causes significant performance degradation to benign clients. Using a game-theoretic approach, we propose a selective and dynamic mechanism for counter-fingerprinting. We first model and analyze the interaction between a fingerprinter and a target as a signaling game. We derive the Nash equilibrium strategy profiles based on the information gain analysis. Based on our game results, we design DeceiveGame, a mechanism to prevent or to significantly slow down fingerprinting attacks. Our game-theoretic approach appropriately distinguishes a fingerprinter from a benign client and mystifies packets to confuse the fingerprinter, while minimizing the side effects on benign clients. Our performance analysis shows that DeceiveGame can reduce the probability of success of the fingerprinter significantly, without deteriorating the overall performance of other clients.
UR - http://www.scopus.com/inward/record.url?scp=84893599604&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84893599604&partnerID=8YFLogxK
U2 - 10.1109/CNS.2013.6682694
DO - 10.1109/CNS.2013.6682694
M3 - Conference contribution
AN - SCOPUS:84893599604
SN - 9781479908950
T3 - 2013 IEEE Conference on Communications and Network Security, CNS 2013
SP - 73
EP - 81
BT - 2013 IEEE Conference on Communications and Network Security, CNS 2013
PB - IEEE Computer Society
T2 - 1st IEEE International Conference on Communications and Network Security, CNS 2013
Y2 - 14 October 2013 through 16 October 2013
ER -