DocumentCode :
3085106
Title :
Detecting Intruders Using a Long Connection Chain to Connect to a Host
Author :
Ding, Wei ; Huang, Shou-Hsuan Stephen
Author_Institution :
Dept. of Comput. Sci., Univ. of Houston, Houston, TX, USA
fYear :
2011
fDate :
22-25 March 2011
Firstpage :
121
Lastpage :
128
Abstract :
A common technique hackers use to break into a computer host is to route their traffic through a chain of stepping-stone hosts. There is no valid reason to use a long connection chain for remote login such as SSH connections. One way to protect a host from being attacked is to identify long connection chains connecting into the host. This paper proposes a novel method to identify long connection chains from short chains using a pre-computed short chain profile. Each new connection will be compared to the profile. Any connection that differs significantly from the profile will be considered a suspicious long connection. Several methods are used to adjust for users' different typing speeds. Validation results show that more than 80% of long chains can be correctly detected for chains of length 4 or higher.
Keywords :
security of data; SSH connection; computer host; intruder detection; intrusion detection; long connection chain; remote login; Cryptography; Delay; Monitoring; Servers; Signal processing algorithms; Computer Security; Connection Chain; Intrusion Detection; Stepping-Stone Intrusion;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Advanced Information Networking and Applications (AINA), 2011 IEEE International Conference on
Conference_Location :
Biopolis
ISSN :
1550-445X
Print_ISBN :
978-1-61284-313-1
Electronic_ISBN :
1550-445X
Type :
conf
DOI :
10.1109/AINA.2011.109
Filename :
5763356