Explore Utilizing Network Traffic Distribution to Detect Stepping-Stone Intrusion

Cited by: 0
Authors
Yang, Jianhua [1]
Wang, Lixin [1]
Affiliations
[1] Columbus State Univ, TSYS Sch Comp Sci, Columbus, GA 31907 USA
Keywords
stepping-stone intrusion; downstream detection; round-trip time; standard deviation of RTT; network traffic distribution;
DOI
10.3390/electronics13163258
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
In the past three decades, stepping-stone intrusion has become a professional and primary way used by intruders to launch their attacks since they can be protected behind a long TCP connection chain. Many different algorithms have been proposed to detect stepping-stone intrusion since 1995. But most algorithms cannot resist intruders' session manipulation. In this paper, we propose a novel approach using the distribution of round-trip time (RTT) of network traffic to detect stepping-stone intrusion. This approach can resist intruders' chaff-perturbation since the round-trip time of network packets can fairly be affected by chaffed packets. The ratio between the standard deviation of the RTTs between Send and Echo packets and the standard deviation of the RTTs between Send and Ack packets can be used to predict if a stepping-stone intrusion exists. The closer to 0 the ratio, the more suspicious a stepping-stone intrusion.
Pages: 16
Related papers
43 in total
  • [31] Seeing the Attack Paths: Improved Flow Correlation Scheme in Stepping-Stone Intrusion
    Chen, Zixuan
    Zheng, Chao
    Li, Zhao
    Shi, Jinqiao
    Li, Zeyu
    PROCEEDINGS OF THE 2024 27TH INTERNATIONAL CONFERENCE ON COMPUTER SUPPORTED COOPERATIVE WORK IN DESIGN, CSCWD 2024, 2024, : 2110 - 2115
  • [32] The distribution of the ancestral haplotype in finite stepping-stone models with population expansion
    Satta, Y
    Takahata, N
    MOLECULAR ECOLOGY, 2004, 13 (04) : 877 - 886
  • [33] A Framework to Test Resistency of Detection Algorithms for Stepping-Stone Intrusion on Time-Jittering Manipulation
    Wang, Lixin
    Yang, Jianhua
    Workman, Michael
    Wan, Peng-Jun
    WIRELESS COMMUNICATIONS & MOBILE COMPUTING, 2021, 2021
  • [34] Online Sketching of Network Flows for Real-Time Stepping-Stone Detection
    Coskun, Baris
    Memon, Nasir
    25TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, 2009, : 473 - 483
  • [35] Detecting stepping-stone intrusion and resisting evasion through TCP/IP packets cross-matching
    Yang, Jianhua
    Lee, Byong
    AUTONOMIC AND TRUSTED COMPUTING, PROCEEDINGS, 2008, 5060 : 2 - 12
  • [36] Using Dynamic Programming Techniques to Detect Multi-Hop Stepping-Stone Pairs in a Connection Chain
    Kuo, Ying-Wei
    Huang, Shou-Hsuan Stephen
    Ding, Wei
    Kern, Rebecca
    Yang, Jianhua
    2010 24TH IEEE INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS (AINA), 2010, : 198 - 205
  • [37] An Effective Approach for Stepping-Stone Intrusion Detection Resistant to Intruders' Chaff-Perturbation via Packet Crossover
    Wang, Lixin
    Yang, Jianhua
    Kim, Jae
    Wan, Peng-Jun
    ELECTRONICS, 2023, 12 (18)
  • [38] Stepping-stone expansion and habitat loss explain a peculiar genetic structure and distribution of a forest insect
    Cassel-Lundhagen, Anna
    Ronnas, Cecilia
    Battisti, Andrea
    Wallen, Johan
    Larsson, Stig
    MOLECULAR ECOLOGY, 2013, 22 (12) : 3362 - 3375
  • [39] Analyze University Network Traffic to Explore Usage Behaviour and to Detect Malicious Activities
    Gill, Harleen Kaur
    Singh, Maninder
    2015 1ST INTERNATIONAL CONFERENCE ON NEXT GENERATION COMPUTING TECHNOLOGIES (NGCT), 2015, : 686 - 691
  • [40] Data are inadequate to test whale falls as chemosynthetic stepping-stones using network analysis: faunal overlaps do support a stepping-stone role
    Smith, Craig R.
    Amon, Diva J.
    Higgs, Nicholas D.
    Glover, Adrian G.
    Young, Emily L.
    PROCEEDINGS OF THE ROYAL SOCIETY B-BIOLOGICAL SCIENCES, 2017, 284 (1863)