Title :
Online Sketching of Network Flows for Real-Time Stepping-Stone Detection
Author :
Coskun, Baris ; Memon, Nasir
Author_Institution :
Electr. & Comput. Eng., Polytech. Inst. of NYU, Brooklyn, NY, USA
Abstract :
We present an efficient and robust stepping-stone detection scheme based on succinct packet-timing sketches of network flows. The proposed scheme employs an online algorithm to continuously maintain short sketches of flows from a stream of captured packets at the network boundary. These sketches are then used to identify pairs of network flows with similar packet-timing characteristics, which indicates potential stepping-stones. Succinct flow sketches enable the proposed scheme to compare a given pair of flows in constant time. In addition, flow sketches identify pairs of correlated flows from a given list of flows in sub-quadratic time, thereby allowing a more scalable solution as compared to known schemes. Finally, the proposed scheme is resistant to random delays and chaff, which are often employed by attackers to evade detection. To explore its efficacy, we mathematically analyze the robustness properties of the proposed flow sketch. We also experimentally measure the detection performance of the proposed scheme.
Keywords :
security of data; chaff resistant; network flows; online sketching; packet-timing characteristics; random delay resistant; real-time stepping-stone detection; succinct packet-timing sketches; Application software; Computer networks; Computer science; Computer security; Intrusion detection; Jitter; Maintenance engineering; Relays; Robustness; Timing; Data Sketching; Network Security; Stepping-Stones; Streaming Algorithms;
Conference_Titel :
Computer Security Applications Conference, 2009. ACSAC '09. Annual
Conference_Location :
Honolulu, HI
Print_ISBN :
978-0-7695-3919-5
DOI :
10.1109/ACSAC.2009.51
