  • DocumentCode
    2190587
  • Title
    Detecting stepping-stones under the influence of packet jittering
  • Author
    Wei Ding ; Khoa Le ; Huang, Shou-Hsuan Stephen
  • Author_Institution
    Dept. of Comput. Sci., Univ. of Houston, Houston, TX, USA
  • fYear
    2013
  • fDate
    4-6 Dec. 2013
  • Firstpage
    31
  • Lastpage
    36
  • Abstract
    Hackers often use a chain of intermediate stepping-stone hosts to hide their identity before launching an attack. This type of stepping-stone attack can be detected by applying timing-based correlation algorithms on the connections in and out of a host. However, hackers can add chaff packets or jitter the original packets to decrease the detection rate of these correlation algorithms. This paper proposes a novel method to detect intrusions under the influence of packet jittering. Our study shows how the distribution of the inter-arrival time gaps of a jittered connection differs from connections without jittering. We study the impact of the jittering probability model on the detection rate as well as parameters of the model upon the detection rate. Our study suggests a way to detect stepping-stones and complements the existing correlation-based stepping-stone detection algorithms to form a much more robust solution.
  • Keywords
    computer crime; jitter; probability; chaff packets; correlation-based stepping-stone detection algorithm; hackers; identity hiding; interarrival time gap distribution; intermediate stepping-stone hosts; intrusion detection; jittered connection; jittering probability model; packet jittering; stepping-stone attack detection; timing-based correlation algorithm; Correlation; Market research; Monitoring; Standards; Training; intrusion detection; network security; packet jittering; stepping-stone
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Assurance and Security (IAS), 2013 9th International Conference on
  • Conference_Location
    Gammarth
  • Print_ISBN
    978-1-4799-2989-4
  • Type
    conf
  • DOI
    10.1109/ISIAS.2013.6947729
  • Filename
    6947729