论文信息 - Packet-based algorithms for stepping-stone detection with chaff perturbation

Packet-based algorithms for stepping-stone detection with chaff perturbation

Network intruders usually launch attacks indirectly by constructing a long connection via intermediary hosts, called stepping-stones, to hide their identities. In order to detect this type of malicious behavior, it is necessary to identify whether a host has been used as a stepping-stone. More sophisticated intruders even add extra superfluous packets, called chaff packets, to evade detection. In this paper, we introduce the packet-based approach to detect stepping-stones with chaff perturbation based on the range of a random walk model. Two algorithms, size-fluctuation and transformation, are proposed for this approach to distinguish the stepping-stone connections from the normal connections. The results show that both algorithms are able to identify the stepping-stone connections effectively under a larger number of chaff perturbation and with fewer monitored packets than the existing methods. Copyright © 2010 John Wiley & Sons, Ltd.

Shou-Hsuan Stephen Huang | Han-Ching Wu

[1] Shou-Hsuan Stephen Huang,et al. Stepping-Stone Detection Via Request-Response Traffic Analysis , 2007, ATC.

[2] Dawn Xiaodong Song,et al. Detection of Interactive Stepping Stones: Algorithms and Confidence Bounds , 2004, RAID.

[3] Shou-Hsuan Stephen Huang,et al. Detecting Stepping-Stone with Chaff Perturbations , 2007, 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07).

[4] Shou-Hsuan Stephen Huang,et al. A real-time algorithm to detect long connection chains of interactive terminal sessions , 2004, InfoSecu '04.

[5] Stuart Staniford-Chen,et al. Holding intruders accountable on the Internet , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[6] Douglas S. Reeves,et al. Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays , 2003, CCS '03.

[7] Douglas S. Reeves,et al. Inter-Packet Delay Based Correlation for Tracing Encrypted Connections through Stepping Stones , 2002, ESORICS.

[8] Lang Tong,et al. Detecting Encrypted Stepping-Stone Connections , 2007, IEEE Transactions on Signal Processing.

[9] Yin Zhang,et al. Detecting Stepping Stones , 2000, USENIX Security Symposium.

[10] Hiroaki Etoh,et al. Finding a Connection Chain for Tracing Intruders , 2000, ESORICS.

[11] Kwong H. Yung. Detecting Long Connection Chains of Interactive Terminal Sessions , 2002, RAID.