• DocumentCode
    1826283
  • Title

    Detecting Stepping-Stone Intruders with Long Connection Chains

  • Author

    Ding, Wei ; Hausknecht, Matthew J. ; Huang, Shou-Hsuan Stephen ; Riggle, Zach

  • Author_Institution
    Dept. of Comput. Sci., Univ. of Houston, Houston, TX, USA
  • Volume
    2
  • fYear
    2009
  • fDate
    18-20 Aug. 2009
  • Firstpage
    665
  • Lastpage
    669
  • Abstract
    It is generally agreed that there is no valid reason to use a long connection chain for remote login such as an SSH connection. Most of the stepping-stone detection algorithms installed on a host were designed to protect the victim of a third party downstream from where the algorithm is running. It is much more important for a host to protect itself from being a victim. This project uses an approximated round-trip time to distinguish a long connection chain from a short one. Several measures were studied to distinguish long chains from short ones. An estimated round-trip time was defined to measure the chain length. Preliminary results suggest that the proposed algorithm can distinguish long connection chains from short ones with a relatively low false rate.
  • Keywords
    security of data; SSH connection; approximated round-trip time; connection chains; remote login; stepping-stone intruder detection; Algorithm design and analysis; Computer science; Computer security; Delay effects; Detection algorithms; Information security; Intrusion detection; Length measurement; Protection; Time measurement; Connection Chain; Intrusion Detection; Security; Stepping-Stone;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Assurance and Security, 2009. IAS '09. Fifth International Conference on
  • Conference_Location
    Xian
  • Print_ISBN
    978-0-7695-3744-3
  • Type

    conf

  • DOI
    10.1109/IAS.2009.123
  • Filename
    5284256