• DocumentCode
    3198562
  • Title

    Matching TCP/IP Packets to Resist Stepping-Stone Intruders´ Evasion

  • Author

    Ni, Lonig ; Yang, Jianihua ; Zhang, Rani ; Song, David Y.

  • Author_Institution
    North Carolina A & T State Univ., Greensboro
  • fYear
    2008
  • fDate
    16-18 March 2008
  • Firstpage
    64
  • Lastpage
    68
  • Abstract
    Most network intruders tend to use stepping-stones to attack or invade other hosts to reduce the risks of being discovered. There have been many approaches proposed to detect stepping-stone since 1995. Among them, the most popular one is the method proposed by Blum, which detects stepping-stone by checking whether the difference between the number of the send packets of an incoming connection and that of an outgoing connection is bounded. One disadvantage of this method lies in the weakness in resisting to intruders´ evasion, such as chaff perturbation. In this paper, we analyze the resistance of packet matching approach to intruders´ evasion. The theoretical analysis shows that packet matching method is more effective than other approaches in terms of resistance to intruders´ chaff perturbation and time jittering evasion.
  • Keywords
    jitter; pattern matching; telecommunication security; transport protocols; TCP/IP packet matching; chaff perturbation; network intruders; stepping-stone detection; stepping-stone intruders evasion; time jittering evasion; Cryptography; Delay; Monitoring; Protocols; Relays; Resists; TCPIP; Tellurium;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    System Theory, 2008. SSST 2008. 40th Southeastern Symposium on
  • Conference_Location
    New Orleans, LA
  • ISSN
    0094-2898
  • Print_ISBN
    978-1-4244-1806-0
  • Electronic_ISBN
    0094-2898
  • Type

    conf

  • DOI
    10.1109/SSST.2008.4480191
  • Filename
    4480191
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3198562