Title :
Correlating TCP/IP Interactive Sessions with Correlation Coefficient to Detect Stepping-Stone Intrusion
Author :
Zhao, Guoqing ; Yang, Jianhua ; Hura, Gurdeep S. ; Ni, Long ; Huang, Shou-Hsuan Stephen
Author_Institution :
Coll. of Inf. Eng., Beijing Inst. of Petro-Chem. Technol., Beijing
Abstract :
Most network intruders launch their attacks through stepping-stones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an incoming connection with outgoing connections to determine if a computer is used as a stepping-stone. In this paper, we present a way by using signal processing technology-correlation coefficient, such as Spearman Rank, Kendall Tau Rank, and Pearson Product-Moment, to correlate two sessions to identify stepping-stone intrusions. The contribution of this paper is that we are the first one to apply correlation coefficient to stepping-stone intrusion detection, and more importantly, it is not necessary to monitor a session for a long time to conclude a stepping-stone intrusion. The experiment results showed that a step-ping-stone intrusion can be detected while an intruder input the username and password. Further work needs to be done to test if this approach could resist intruders´ evasion.
Keywords :
security of data; transport protocols; Kendall Tau Rank; Spearman Rank; TCP/IP; correlation coefficient; interactive sessions; intrusion detection; network security; stepping-stone intrusion; Computer networks; Computer science; Computer security; Electronic mail; Intrusion detection; Monitoring; Resists; Signal processing; Signal processing algorithms; TCPIP; correlation coefficient; interactive session; intrusion detection; network security; stepping-stone;
Conference_Titel :
Advanced Information Networking and Applications, 2009. AINA '09. International Conference on
Conference_Location :
Bradford
Print_ISBN :
978-1-4244-4000-9
Electronic_ISBN :
1550-445X
DOI :
10.1109/AINA.2009.12
