A testbed for evaluation and analysis of stepping stone attack attribution techniques

This paper describes a testbed for experimentally evaluating stepping stone attack attribution techniques. Comprehensive experimental evaluation is lacking for many different stepping stone attack detection schemes, so there are no objective, comparable evaluation results on the effectiveness and limitations of these schemes. In this research, we designed and built a scalable testbed environment that can reproducibly evaluate all existing stepping stone attack attribution schemes, provide a stable platform for further research in this area, and be easily reconfigured, expanded, and operated through a user-friendly interface. This testbed environment has been established in a dedicated stepping stone attack attribution research laboratory. An evaluation of proposed stepping stone techniques is currently underway.
