Abstract
When an intruder launches an attack not from their own computer but from intermediate hosts that they have previously compromised, these intermediate hosts are called stepping-stones. In this paper, we describe an algorithm for detecting stepping-stones in detoured attacks. Our aim is to develop an algorithm that can trace the origin system that attacks a victim system via stepping-stones. There are two kinds of traceback technologies: IP packet traceback and connection traceback. We focus on connection traceback in this paper and propose a new intruder tracing algorithm that distinguishes the origin system of an attack from stepping-stones using the process structures of operating systems.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kang, H.W., Hong, S.J., Lee, D.H. (2004). Matching Connection Pairs. In: Liew, KM., Shen, H., See, S., Cai, W., Fan, P., Horiguchi, S. (eds) Parallel and Distributed Computing: Applications and Technologies. PDCAT 2004. Lecture Notes in Computer Science, vol 3320. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30501-9_124
DOI: https://doi.org/10.1007/978-3-540-30501-9_124
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24013-6
Online ISBN: 978-3-540-30501-9
eBook Packages: Computer Science (R0)