Title :
A New Model to Detect Stepping-Stone Intrusion
Author :
Yang, Jianhua ; Zhang, Yongzhong
Author_Institution :
TSYS Comput. Sci. Dept., Columbus State Univ., Columbus, GA, USA
Abstract :
Most researchers do not distinguish stepping-stone detection and stepping-stone intrusion detection, thus introduce more false positive errors in detecting stepping-stone intrusion. Those approaches proposed to detect stepping-stone intrusion are vulnerable to intruders' evasion. In this paper we analyze the problems of the current model used to detect stepping-stone, and propose a new model based on computing the length of an interactive TCP/IP session to detect stepping-stone intrusion. Besides the advantage of low false positive rate, we demonstrate that an approach based on the new model can resist intruders' evasion, such as time-jittering, and chaff-perturbation.
Keywords :
computer network security; transport protocols; chaff-perturbation; interactive TCP/IP; stepping-stone intrusion detection; time-jittering; Computer errors; Computer networks; Computer science; Cryptography; Delay; Educational institutions; Intrusion detection; Resists; TCPIP; Technology management; Stepping-stone; chaff-perturbation; downstream length; intrusion detection; network security; time-jittering; upstream length;
Conference_Title :
Computer Science and Engineering, 2009. WCSE '09. Second International Workshop on
Conference_Location :
Qingdao
Print_ISBN :
978-0-7695-3881-5
DOI :
10.1109/WCSE.2009.737