Detection of stepping stone attack under delay and chaff perturbations

Author

Zhang, Linfeng ; Persaud, Anthony G. ; Johnson, Alan ; Guan, Yong

Author_Institution

Dept. of Electr. & Comput. Eng., Iowa State Univ., Ames, IA

fYear

2006

fDate

10-12 April 2006

Lastpage

256

Abstract

Network based attackers often relay attacks through intermediary hosts (i.e., stepping stones) to evade detection. In addition, attackers make detection more difficult by encrypting attack traffic and introducing delay and chaff perturbations into stepping stone connections. Several approaches have been proposed to detect stepping stone attacks. However, none of them performs effectively when delay and chaff perturbations exist simultaneously. In this paper, we propose and analyze algorithms which represent that attackers cannot always evade detection only by adding limited delay and independent chaff perturbations. We provide the upper bounds on the number of packets needed to confidently detect stepping stone connections from non-stepping stone connections with any given probability of false attribution. We compare our algorithms with previous ones and the experimental results show that our algorithms are more effective in detecting stepping stone attacks in some scenarios

Keywords

cryptography; probability; telecommunication security; telecommunication traffic; attack traffic encryption; chaff perturbation; delay; false attribution probability; stepping stone attack detection; Added delay; Algorithm design and analysis; Cryptography; Delay effects; Relays; Telecommunication traffic; Upper bound; Watermarking;

fLanguage

English

Publisher

ieee

Conference_Titel

Performance, Computing, and Communications Conference, 2006. IPCCC 2006. 25th IEEE International

Conference_Location

Phoenix, AZ

Print_ISBN

1-4244-0198-4

Type

conf

DOI

10.1109/.2006.1629414

Filename

1629414