Title :
Detection of stepping stone attack under delay and chaff perturbations
Author :
Zhang, Linfeng ; Persaud, Anthony G. ; Johnson, Alan ; Guan, Yong
Author_Institution :
Dept. of Electr. & Comput. Eng., Iowa State Univ., Ames, IA
Abstract :
Network based attackers often relay attacks through intermediary hosts (i.e., stepping stones) to evade detection. In addition, attackers make detection more difficult by encrypting attack traffic and introducing delay and chaff perturbations into stepping stone connections. Several approaches have been proposed to detect stepping stone attacks. However, none of them performs effectively when delay and chaff perturbations exist simultaneously. In this paper, we propose and analyze algorithms which represent that attackers cannot always evade detection only by adding limited delay and independent chaff perturbations. We provide the upper bounds on the number of packets needed to confidently detect stepping stone connections from non-stepping stone connections with any given probability of false attribution. We compare our algorithms with previous ones and the experimental results show that our algorithms are more effective in detecting stepping stone attacks in some scenarios
Keywords :
cryptography; probability; telecommunication security; telecommunication traffic; attack traffic encryption; chaff perturbation; delay; false attribution probability; stepping stone attack detection; Added delay; Algorithm design and analysis; Cryptography; Delay effects; Relays; Telecommunication traffic; Upper bound; Watermarking;
Conference_Titel :
Performance, Computing, and Communications Conference, 2006. IPCCC 2006. 25th IEEE International
Conference_Location :
Phoenix, AZ
Print_ISBN :
1-4244-0198-4
DOI :
10.1109/.2006.1629414
