Title :
RTT-Based Random Walk Approach to Detect Stepping-Stone Intrusion
Author :
Jianhua Yang ; Yongzhong Zhang
Author_Institution :
TSYS Sch. of Comput. Sci., Columbus State Univ., Columbus, GA, USA
Abstract :
Detecting Stepping-stone intrusion, especially resisting in intruders evasion has been widely and deeply studied and explored since 1995. In this paper, we propose a method by counting matched TCP/IP packets to detect stepping-stone intrusion. Our study shows that this approach not only can detect stepping-stone intrusion with an improved performance, but also can resist in intruders´ evasion, such as time-jittering, and chaff-perturbation. We model stepping-stone intrusion detection as a one dimensional random-walk process. Theoretical analysis shows that in order to obtain the same false positive rate, this approach needs less number of packets monitored than Blum´s approach which is considered state-of-the-art method. The simulation results show that this approach can resist in intruders chaff-perturbation up to 50%.
Keywords :
IP networks; computer network security; security of data; RTT based random walk; chaff perturbation; counting matched TCP/IP packet; intruders evasion; one dimensional random walk process; stepping stone intrusion detection; time jittering; Computers; Cryptography; IP networks; Intrusion detection; Monitoring; Resists; chaff-perturbation; intrusion detection; packet matching; random-walk; round-trip time; stepping-stone intrusion; time-jittering;
Conference_Titel :
Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on
Conference_Location :
Gwangiu
Print_ISBN :
978-1-4799-7904-2
DOI :
10.1109/AINA.2015.236
