• DocumentCode
    1685408
  • Title
    A clustering-partitioning algorithm to find TCP packet round-trip time for intrusion detection
  • Author
    Yang, Jianhua ; Huang, Shou-Hsuan Stephen ; Wan, Ming D.
  • Author_Institution
    Dept. of Comput. Sci., Houston Univ., TX, USA
  • Volume
    1
  • fYear
    2006
  • Abstract
    An effective approach for detecting stepping-stone intrusion is to estimate the number of hosts compromised through estimating the length of a connection chain. This can be done by studying the changes in TCP packet round-trip time. In this paper, we propose a new algorithm that uses a maximum-minimum distance clustering and partitioning method to find the round-trip time from the time-stamps of TCP send and echo packets. Previous algorithms produce either good results on very few packets, or poor results on many packets. This method gives us better round-trip time and more packets than other algorithms proposed in the past.
  • Keywords
    pattern clustering; security of data; transport protocols; TCP packet round-trip time; intrusion detection; maximum-minimum distance clustering method; partitioning algorithm; transport control protocol; Clustering algorithms; Computer science; Cryptography; Delay; Greedy algorithms; Internet; Intrusion detection; Local area networks; Partitioning algorithms; Network security; clustering; intrusion detection; partitioning; round-trip time; stepping-stone;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Advanced Information Networking and Applications, 2006. AINA 2006. 20th International Conference on
  • ISSN
    1550-445X
  • Print_ISBN
    0-7695-2466-4
  • Type
    conf
  • DOI
    10.1109/AINA.2006.13
  • Filename
    1620197