DocumentCode
3085188
Title
Detect Stepping-Stone Insider Attacks by Network Traffic Mining and Dynamic Programming
Author
Yang, Jianhua ; Ray, Lydia ; Zhao, Guoqing
Author_Institution
TSYS Sch. of Comput. Sci., Columbus State Univ., Columbus, GA, USA
fYear
2011
fDate
22-25 March 2011
Firstpage
151
Lastpage
158
Abstract
Stepping-stone is the most popular way used to attack other computers. Some insiders use stepping-stones to launch their attacks, pretending to be outsiders. In this paper, we propose a novel algorithm to detect stepping-stone insider attacks by comparing outgoing and incoming connections. We modify the existing packet matching algorithm by introducing a sliding window to make the algorithm more efficient and practicable. An algorithm to compute the similarity between two time-pair sequences by finding the longest common subsequence is proposed. The stepping-stone insider attack detection algorithm is easy to implement and use since no threshold is needed. The experimental results showed the effectiveness of the algorithm in detecting stepping-stone insider attacks.
Keywords
data mining; dynamic programming; security of data; telecommunication traffic; dynamic programming; network traffic mining; packet matching algorithm; sliding window; stepping-stone insider attack detection; time-pair sequences; Algorithm design and analysis; Clustering algorithms; Computers; Data mining; Dynamic programming; Markov processes; Sensors; Network security; chaff-perturbation; insider detection; masquerader; stepping-stone; time-jittering; traitor;
fLanguage
English
Publisher
ieee
Conference_Titel
Advanced Information Networking and Applications (AINA), 2011 IEEE International Conference on
Conference_Location
Biopolis
ISSN
1550-445X
Print_ISBN
978-1-61284-313-1
Electronic_ISBN
1550-445X
Type
conf
DOI
10.1109/AINA.2011.33
Filename
5763360