Title :
Detecting Encrypted Interactive Stepping-Stone Connections
Author :
He, Ting ; Tong, Lang
Author_Institution :
Sch. of Electr. & Comput. Eng., Cornell Univ., Ithaca, NY
Abstract :
Network intruders often hide their identities by sending attacks through a chain of compromised hosts that are used as "stepping stones". The difficulty in defending against such attacks lies in detecting stepping-stone connections at the compromised hosts. In this paper, to distinguish normal from attacking connections, we consider strategies that do not depend on the content of the traffic so that they are applicable to encrypted traffic. We propose a low complexity detection algorithm that has no miss detection and an exponentially-decaying false alarm probability. A sequential strategy is then developed to reduce the required number of testing packets
Keywords :
computer networks; cryptography; probability; telecommunication security; telecommunication traffic; encrypted interactive stepping-stone connections; encrypted traffic; exponentially-decaying false alarm probability; network intruders; stepping-stone connections detection; Cryptography; Delay; Detection algorithms; Government; Helium; Intrusion detection; Relays; Sequential analysis; Telecommunication traffic; Timing; Stepping-stone detection; encrypted stepping-stone attacks; interactive stepping-stones attacks; intrusion detection algorithms;
Conference_Titel :
Acoustics, Speech and Signal Processing, 2006. ICASSP 2006 Proceedings. 2006 IEEE International Conference on
Conference_Location :
Toulouse
Print_ISBN :
1-4244-0469-X
DOI :
10.1109/ICASSP.2006.1660779
