Detecting Encrypted Interactive Stepping-Stone Connections

Author

He, Ting ; Tong, Lang

Author_Institution

Sch. of Electr. & Comput. Eng., Cornell Univ., Ithaca, NY

Volume

3

fYear

2006

fDate

14-19 May 2006

Abstract

Network intruders often hide their identities by sending attacks through a chain of compromised hosts that are used as "stepping stones". The difficulty in defending against such attacks lies in detecting stepping-stone connections at the compromised hosts. In this paper, to distinguish normal from attacking connections, we consider strategies that do not depend on the content of the traffic so that they are applicable to encrypted traffic. We propose a low complexity detection algorithm that has no miss detection and an exponentially-decaying false alarm probability. A sequential strategy is then developed to reduce the required number of testing packets

Keywords

computer networks; cryptography; probability; telecommunication security; telecommunication traffic; encrypted interactive stepping-stone connections; encrypted traffic; exponentially-decaying false alarm probability; network intruders; stepping-stone connections detection; Cryptography; Delay; Detection algorithms; Government; Helium; Intrusion detection; Relays; Sequential analysis; Telecommunication traffic; Timing; Stepping-stone detection; encrypted stepping-stone attacks; interactive stepping-stones attacks; intrusion detection algorithms;

fLanguage

English

Publisher

ieee

Conference_Titel

Acoustics, Speech and Signal Processing, 2006. ICASSP 2006 Proceedings. 2006 IEEE International Conference on

Conference_Location

Toulouse

ISSN

1520-6149

Print_ISBN

1-4244-0469-X

Type

conf

DOI

10.1109/ICASSP.2006.1660779

Filename

1660779