Title :
Hybrid stepping stone detection method
Author :
Omar, Mohd Nizam ; Siregar, Lelyzar ; Budiarto, Rahmat
Author_Institution :
Dept. of Inf. Technol., Univ. Utara Malaysia, Kedah
Abstract :
Stepping stone detection can be defined as a process to discover an intermediate host correlation that used by intruder. Most of the intruders cover their track by login into intermediate host first before execute the real attack. This intermediate hosts here known as stepping stone. This paper introduces a hybrid stepping stone detection method which combines the network-based and host-based stepping stone method. By taking the special capabilities of each method, solid stepping stone detection architecture has been produced. A great explanation regarding to the architecture has been done, together with the details of each chosen approach as to develop the overall hybrid stepping stone detection method. The study shows that by applying the hybrid concept in stepping stone detection, benefits can be gained from the less number of false positive and false negative rates, robust against active perturbation and the overall stepping stone methods becomes more precise.
Keywords :
security of data; host-based stepping stone; intermediate host correlation; network-based stepping stone; overall hybrid stepping stone detection; solid stepping stone detection architecture; Cryptography; Delay; Finance; Internet; Intrusion detection; Peer to peer computing; Robustness; Solids; Target tracking; Transportation; Intrusion tracing; hybrid; stepping stone detection;
Conference_Titel :
Distributed Framework and Applications, 2008. DFmA 2008. First International Conference on
Conference_Location :
Penang
Print_ISBN :
978-1-4244-2312-5
Electronic_ISBN :
978-1-4244-2313-2
DOI :
10.1109/ICDFMA.2008.4784426
