论文信息 - Matching TCP packets and its application to the detection of long connection chains on the Internet

Matching TCP packets and its application to the detection of long connection chains on the Internet

Network attackers usually launch their attacks behind a long connection chain. One way to stop such attacks is to prevent the attackers from using computers as "stepping-stones" for their attacks. A "Step-Function" method has been proposed to detect the length of a connection chain from a host to the victim machine. The algorithm is based on the changes in packet round trip times. Due to many network protocol issues, it is impossible to match all such packets correctly. We propose two algorithms to match TCP packet in real-time. The first algorithm matched fewer packets but the matching is correct. The second one matches more packets with some uncertainty on the correctness. The two algorithms gave almost identical results in determining the length of a connection chain. The algorithm gives a way to stop stepping-stone intrusion on the Internet in real-time.

Shou-Hsuan Stephen Huang | Jianhua Yang

[1] Bogdan M. Wilamowski,et al. The Transmission Control Protocol , 2005, The Industrial Information Technology Handbook.

[2] Shou-Hsuan Stephen Huang,et al. A real-time algorithm to detect long connection chains of interactive terminal sessions , 2004, InfoSecu '04.

[3] Kwong H. Yung. Detecting Long Connection Chains of Interactive Terminal Sessions , 2002, RAID.

[4] Dimitri P. Bertsekas,et al. Data Networks , 1986 .

[5] Martin P. Clark,et al. Data Networks, IP and the Internet: Protocols, Design and Operation , 2003 .

[6] Yin Zhang,et al. Detecting Stepping Stones , 2000, USENIX Security Symposium.

[7] Vern Paxson,et al. Multiscale Stepping-Stone Detection: Detecting Pairs of Jittered Interactive Streams by Exploiting Maximum Tolerable Delay , 2002, RAID.

[8] Stuart Staniford-Chen,et al. Holding intruders accountable on the Internet , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[9] Behrouz A. Forouzan. TCP/IP Protocol Suite , 1999 .

[10] Tatu Ylonen,et al. SSH Transport Layer Protocol , 1996 .