{"title":"Detecting stepping-stones under the influence of packet jittering","authors":"Wei Ding, Khoa N. Le, S. S. Huang","doi":"10.1109/ISIAS.2013.6947729","DOIUrl":null,"url":null,"abstract":"Hackers often use a chain of intermediate stepping-stone hosts to hide their identity before launching an attack. This type of stepping-stone attack can be detected by applying timing-based correlation algorithms on the connections in and out of a host. However, hackers can add chaff packets or jitter the original packets to decrease the detection rate of these correlation algorithms. This paper proposes a novel method to detect intrusions under the influence of packet jittering. Our study shows how the distribution of the inter-arrival time gaps of a jittered connection differs from connections without jittering. We study the impact of the jittering probability model on the detection rate as well as parameters of the model upon the detection rate. Our study suggests a way to detect stepping-stones and complements the existing correlation-based stepping-stone detection algorithms to form a much more robust solution.","PeriodicalId":370107,"journal":{"name":"2013 9th International Conference on Information Assurance and Security (IAS)","volume":"85 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 9th International Conference on Information Assurance and Security (IAS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISIAS.2013.6947729","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 3
Abstract
Hackers often use a chain of intermediate stepping-stone hosts to hide their identity before launching an attack. This type of stepping-stone attack can be detected by applying timing-based correlation algorithms on the connections in and out of a host. However, hackers can add chaff packets or jitter the original packets to decrease the detection rate of these correlation algorithms. This paper proposes a novel method to detect intrusions under the influence of packet jittering. Our study shows how the distribution of the inter-arrival time gaps of a jittered connection differs from connections without jittering. We study the impact of the jittering probability model on the detection rate as well as parameters of the model upon the detection rate. Our study suggests a way to detect stepping-stones and complements the existing correlation-based stepping-stone detection algorithms to form a much more robust solution.