Detecting Stepping-Stone Intrusion and Resisting Evasion through TCP/IP Packets Cross-Matching

  • Conference paper
Autonomic and Trusted Computing (ATC 2008)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 5060)

Abstract

In this paper, we propose a cross-matching algorithm that can detect stepping-stone intrusion. Theoretical analysis of the algorithm shows that it can completely resist intruders' time-jittering evasion. Experimental and simulation results show that the algorithm can also resist intruders' chaff perturbation with a chaff rate of up to 80%. Compared with A. Blum's approach, which can resist chaff perturbation with every x inserted packets out of 8*(x+1), this approach has promising performance in terms of resistance to intruders' manipulation.

References

  1. Zhang, Y., Paxson, V.: Detecting Stepping Stones. In: Proc. of the 9th USENIX Security Symposium, Denver, CO, USA, pp. 171–184 (2000)

  2. Yung, K.H.: Detecting Long Connecting Chains of Interactive Terminal Sessions. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, pp. 1–16. Springer, Heidelberg (2002)

  3. Staniford-Chen, S., Todd Heberlein, L.: Holding Intruders Accountable on the Internet. In: Proc. IEEE Symposium on Security and Privacy, Oakland, CA, USA, pp. 39–49 (1995)

  4. Yoda, K., Etoh, H.: Finding Connection Chain for Tracing Intruders. In: LCTES 2000. LNCS, vol. 1985, pp. 31–42. Springer, Heidelberg (2000)

  5. Yang, J., Huang, S.: Matching TCP Packets and Its Application to the Detection of Long Connection Chains. In: Proceedings (IEEE) of 19th International Conference on Advanced Information Networking and Applications (AINA 2005), Taipei, Taiwan, China, pp. 1005–1010 (2005)

  6. Donoho, D.L., et al.: Detecting Pairs of Jittered Interactive Streams by Exploiting Maximum Tolerable Delay. In: Proceedings of International Symposium on Recent Advances in Intrusion Detection, Zurich, Switzerland, pp. 45–59 (2002)

  7. Blum, A., Song, D., Venkataraman, S.: Detection of Interactive Stepping-Stones: Algorithms and Confidence Bounds. In: Proceedings of International Symposium on Recent Advance in Intrusion Detection (RAID), Sophia Antipolis, France, pp. 20–35 (2004)

  8. Yang, J., Huang, S., Wan, M.: A Clustering-Partitioning Algorithm to Find TCP Packet Round-Trip Time for Intrusion Detection. In: Proceedings of 20th IEEE International Conference on Advanced Information Networking and Applications (AINA 2006), Vienna, Austria, vol. 1, pp. 231–236 (2006)

  9. Yang, J., Huang, S.: Probabilistic Analysis of an Algorithm to Compute TCP Packet Round-Trip Time for Intrusion Detection. Journal of Computers and Security, Elsevier Ltd. 26, 137–144 (2007)

Editor information

Chunming Rong, Martin Gilje Jaatun, Frode Eika Sandnes, Laurence T. Yang, Jianhua Ma

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yang, J., Lee, B. (2008). Detecting Stepping-Stone Intrusion and Resisting Evasion through TCP/IP Packets Cross-Matching. In: Rong, C., Jaatun, M.G., Sandnes, F.E., Yang, L.T., Ma, J. (eds) Autonomic and Trusted Computing. ATC 2008. Lecture Notes in Computer Science, vol 5060. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69295-9_2

  • DOI: https://doi.org/10.1007/978-3-540-69295-9_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69294-2

  • Online ISBN: 978-3-540-69295-9

  • eBook Packages: Computer Science, Computer Science (R0)