Monitoring Network Traffic to Detect Stepping-Stone Intrusion

Author

Yang, Jianhua ; Lee, Byong ; Huang, Stephen S H

Author_Institution

Bennett Coll., Greensboro

fYear

2008

fDate

25-28 March 2008

Firstpage

56

Lastpage

61

Abstract

Most network intruders tend to use stepping-stones to attack or to invade other hosts to reduce the risks of being discovered. There have been many approaches that were proposed to detect stepping-stone since 1995. One of those approaches proposed by A. Blum detects stepping-stone by checking if the difference between the number of the send packets of an incoming connection and the one of an outgoing connection is bounded. One weakness of this method is in resisting intruders´ evasion, such as chaff perturbation. In this paper, we propose a method based on random walk theory to detect stepping-stone intrusion. Our theoretical analysis shows that the proposed method is more effective than Blum´s approach in terms of resisting intruders´ chaff perturbation.

Keywords

computer networks; random processes; security of data; telecommunication security; chaff perturbation; incoming connection; intruder evasion; network intruders; network traffic monitoring; outgoing connection; random walk theory; send packets; stepping-stone intrusion detection; Application software; Computer networks; Computer science; Computerized monitoring; Cryptography; Educational institutions; Electronic mail; Intrusion detection; TCPIP; Telecommunication traffic; Evasion; Intrusion Detection; Network Traffic; Stepping-Stone Intrusion;

fLanguage

English

Publisher

ieee

Conference_Titel

Advanced Information Networking and Applications - Workshops, 2008. AINAW 2008. 22nd International Conference on

Conference_Location

Okinawa

Print_ISBN

978-0-7695-3096-3

Type

conf

DOI

10.1109/WAINA.2008.30

Filename

4482890