Abstract

When an intruder launches an attack not from their own computer but from intermediate hosts that they previously compromised, these intermediate hosts are called stepping-stones. In this paper, we describe an algorithm to detect stepping-stones in detoured attacks. Our aim is to develop an algorithm that can trace the origin system that attacks a victim system via stepping-stones. There are two kinds of traceback technologies: IP packet traceback and connection traceback. We focus on connection traceback in this paper and propose a new intruder tracing algorithm that distinguishes between the origin system of an attack and stepping-stones using the process structures of operating systems.

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kang, H.W., Hong, S.J., Lee, D.H. (2004). Matching Connection Pairs. In: Liew, KM., Shen, H., See, S., Cai, W., Fan, P., Horiguchi, S. (eds) Parallel and Distributed Computing: Applications and Technologies. PDCAT 2004. Lecture Notes in Computer Science, vol 3320. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30501-9_124

  • DOI: https://doi.org/10.1007/978-3-540-30501-9_124

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24013-6

  • Online ISBN: 978-3-540-30501-9

  • eBook Packages: Computer Science (R0)
