Title :
Detecting Stepping-Stone Connection Using Association Rule Mining
Author :
Kuo, Ying-Wei ; Huang, Shou-Hsuan Stephen
Author_Institution :
Dept. of Comput. Sci., Univ. of Houston, Houston, TX
Abstract :
A main concern for network intrusion detection systems is the ability of an intruder to evade detection by routing through a chain of intermediate stepping-stone hosts. Intruders have developed evasion techniques such as injecting chaff packets or timing jitter. Such evasion techniques cause most of the previous timing-based detection algorithms to fail. In this paper, we address these issues and devise a methodology to defeat these countermeasures. Our algorithm uses modified association rule mining to detect stepping-stones. It is based on finding as many matched pairs of packets as possible within fixed-length intervals and then deciding whether it is a stepping-stone connection by the matched rate. This algorithm allows checking multiple connections at once and therefore greatly increases the efficiency compared to others. We examine the selected parameters and provide different trade-offs among false rates. Our experiments report very good performance, with a very high detection rate and a low false detection rate when using carefully selected parameter values.
Keywords :
Internet; data mining; security of data; telecommunication network routing; Internet; evasion technique; false detection rate; modified association rule mining; network intrusion detection system; network routing; stepping-stone connection detection; Association rules; Computer security; Cryptography; Data mining; Delay; Delta modulation; Detection algorithms; Intrusion detection; Routing; Timing jitter; Stepping-stone; connection chain; data mining; intrusion detection; network security;
Conference_Title :
Availability, Reliability and Security, 2009. ARES '09. International Conference on
Conference_Location :
Fukuoka
Print_ISBN :
978-1-4244-3572-2
Electronic_ISBN :
978-0-7695-3564-7
DOI :
10.1109/ARES.2009.101