监控网络流量检测踏脚石入侵

22nd International Conference on Advanced Information Networking and Applications - Workshops (aina workshops 2008) Pub Date : 2008-03-25 DOI:10.1109/WAINA.2008.30

Jianhua Yang, Byong Lee, Stephen S. H. Huang

{"title":"监控网络流量检测踏脚石入侵","authors":"Jianhua Yang, Byong Lee, Stephen S. H. Huang","doi":"10.1109/WAINA.2008.30","DOIUrl":null,"url":null,"abstract":"Most network intruders tend to use stepping-stones to attack or to invade other hosts to reduce the risks of being discovered. There have been many approaches that were proposed to detect stepping-stone since 1995. One of those approaches proposed by A. Blum detects stepping-stone by checking if the difference between the number of the send packets of an incoming connection and the one of an outgoing connection is bounded. One weakness of this method is in resisting intruders' evasion, such as chaff perturbation. In this paper, we propose a method based on random walk theory to detect stepping-stone intrusion. Our theoretical analysis shows that the proposed method is more effective than Blum's approach in terms of resisting intruders' chaff perturbation.","PeriodicalId":170418,"journal":{"name":"22nd International Conference on Advanced Information Networking and Applications - Workshops (aina workshops 2008)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"Monitoring Network Traffic to Detect Stepping-Stone Intrusion\",\"authors\":\"Jianhua Yang, Byong Lee, Stephen S. H. Huang\",\"doi\":\"10.1109/WAINA.2008.30\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Most network intruders tend to use stepping-stones to attack or to invade other hosts to reduce the risks of being discovered. There have been many approaches that were proposed to detect stepping-stone since 1995. One of those approaches proposed by A. Blum detects stepping-stone by checking if the difference between the number of the send packets of an incoming connection and the one of an outgoing connection is bounded. One weakness of this method is in resisting intruders' evasion, such as chaff perturbation. In this paper, we propose a method based on random walk theory to detect stepping-stone intrusion. Our theoretical analysis shows that the proposed method is more effective than Blum's approach in terms of resisting intruders' chaff perturbation.\",\"PeriodicalId\":170418,\"journal\":{\"name\":\"22nd International Conference on Advanced Information Networking and Applications - Workshops (aina workshops 2008)\",\"volume\":\"8 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-03-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"22nd International Conference on Advanced Information Networking and Applications - Workshops (aina workshops 2008)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WAINA.2008.30\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"22nd International Conference on Advanced Information Networking and Applications - Workshops (aina workshops 2008)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WAINA.2008.30","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 10

摘要

大多数网络入侵者倾向于使用踏脚石攻击或入侵其他主机，以降低被发现的风险。自1995年以来，已经提出了许多方法来检测踏脚石。A. Blum提出的其中一种方法是通过检查传入连接和传出连接的发送数据包数量之间的差异是否有界来检测踏脚石。这种方法的一个缺点是不能抵抗入侵者的逃避，如箔条摄动。本文提出了一种基于随机游走理论的踏脚石入侵检测方法。理论分析表明，该方法比Blum方法更有效地抵抗了干扰的箔条扰动。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Monitoring Network Traffic to Detect Stepping-Stone Intrusion

Most network intruders tend to use stepping-stones to attack or to invade other hosts to reduce the risks of being discovered. There have been many approaches that were proposed to detect stepping-stone since 1995. One of those approaches proposed by A. Blum detects stepping-stone by checking if the difference between the number of the send packets of an incoming connection and the one of an outgoing connection is bounded. One weakness of this method is in resisting intruders' evasion, such as chaff perturbation. In this paper, we propose a method based on random walk theory to detect stepping-stone intrusion. Our theoretical analysis shows that the proposed method is more effective than Blum's approach in terms of resisting intruders' chaff perturbation.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

22nd International Conference on Advanced Information Networking and Applications - Workshops (aina workshops 2008)

自引率

0.00%

发文量

期刊最新文献

Automated Metadata Generation and its Application to Biological Association Extraction Towards a Usenet-Like Discussion System for Users of Disconnected MANETs A New Centroid-Based Classifier for Text Categorization Explaining Answers from Agent Communication of Semantic Web Information Parallel Computing of CG Using an Open Source Windows Grid