Title :
A clustering-partitioning algorithm to find TCP packet round-trip time for intrusion detection
Author :
Yang, Jianhua ; Huang, Shou-Hsuan Stephen ; Wan, Ming D.
Author_Institution :
Dept. of Comput. Sci., Houston Univ., TX, USA
Abstract :
An effective approach for detecting stepping-stone intrusion is to estimate the number of hosts compromised through estimating the length of a connection chain. This can be done by studying the changes in TCP packet round-trip time. In this paper, we propose a new algorithm by using maximum-minimum distance clustering and partitioning method to find the round-trip time from the time-stamps of TCP send and echo packets. Previous algorithms produce either good results on very few packets, or poor results on many packets. This method gives us better round-trip time and more packets than other algorithms proposed in the past.
Keywords :
pattern clustering; security of data; transport protocols; TCP packet round-trip time; intrusion detection; maximum-minimum distance clustering method; partitioning algorithm; transport control protocol; Clustering algorithms; Computer science; Cryptography; Delay; Greedy algorithms; Internet; Intrusion detection; Local area networks; Partitioning algorithms; Network security; clustering; intrusion detection; partitioning; round-trip time; stepping-stone;
Conference_Titel :
Advanced Information Networking and Applications, 2006. AINA 2006. 20th International Conference on
Print_ISBN :
0-7695-2466-4
DOI :
10.1109/AINA.2006.13
