Title :
An Algorithm to Detect Stepping-Stones in the Presence of Chaff Packets
Author :
Ying-Wei Kuo ; Huang, Shou-Hsuan Stephen
Author_Institution :
Dept. of Comput. Sci., Univ. of Houston, Houston, TX, USA
Abstract :
A major concern for network intrusion detection systems is the ability of an intruder to evade the detection by routing through a chain of the intermediate hosts to attack a target machine and maintain the anonymity. Such an intermediate host is called a stepping-stone. The intruders have developed some evasion techniques such as injecting chaff packets. A number of algorithms have been proposed to detect stepping-stones, but some of them failed to detect correctly when the network traffic is somehow corrupted or with the chaff packets. We discuss the viability of solving those issues by improving a previous methodology. The algorithm is based on finding as many matched pairs of incoming and outgoing packets on the same host as possible and then decide whether it is a stepping-stone connection by the mismatched rate. We examine a number of tradeoffs in choosing the threshold values by simulating network traffic. Our experiments report a very good performance with very low false detection rates when using carefully selected parameter values.
Keywords :
computer networks; telecommunication network routing; telecommunication security; telecommunication traffic; chaff packet; evasion technique; false detection rate; network intrusion detection system; network routing; network traffic; stepping-stone detection; Computer science; Cryptography; Delay; Delta modulation; Detection algorithms; Intrusion detection; Routing; Telecommunication traffic; Timing; USA Councils; Stepping-stone; chaff; connection chain; intrusion detection; network security;
Conference_Titel :
Parallel and Distributed Systems, 2008. ICPADS '08. 14th IEEE International Conference on
Conference_Location :
Melbourne, VIC
Print_ISBN :
978-0-7695-3434-3
DOI :
10.1109/ICPADS.2008.101
