{"title":"用快速傅里叶变换分析分组往返时间分布","authors":"Dr. Lixin Wang, Dr. Jianhua Yang, Maochang Qin","doi":"10.58346/jowua.2023.i3.009","DOIUrl":null,"url":null,"abstract":"Hackers usually send attacking commands through compromised hosts, called stepping-stones, for the purpose of decreasing the chance of being discovered. An effective approach for stepping-stone intrusion detection (SSID) is to estimate the length of a connection chain. This type of detection method is referred to as the network-based SSID (NSSID). All the existing NSSID approaches use the distribution of packet round-trip times (RTTs) to estimate the length of a connection chain. In this paper, we explore a novel approach – Fast Fourier Transformation (FFT) to analyze the distribution of packet RTTs. We first capture network packets from different stepping-stones in a connection chain, identify and match the Send and Echo packets in each stepping-stone. Packet RTTs can be obtained from matched pairs of packets. We then apply the FFT interpolation method to obtain a RTT time function and finally conduct FFT transformation to the RTT function in each stepping-stone host. Finally, we conduct a complete FFT analysis for the distribution of packet RTTs and present the FFT analysis results in this paper.","PeriodicalId":38235,"journal":{"name":"Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications","volume":"42 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Analyzing Distribution of Packet Round-Trip Times using Fast Fourier Transformation\",\"authors\":\"Dr. Lixin Wang, Dr. Jianhua Yang, Maochang Qin\",\"doi\":\"10.58346/jowua.2023.i3.009\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Hackers usually send attacking commands through compromised hosts, called stepping-stones, for the purpose of decreasing the chance of being discovered. An effective approach for stepping-stone intrusion detection (SSID) is to estimate the length of a connection chain. This type of detection method is referred to as the network-based SSID (NSSID). All the existing NSSID approaches use the distribution of packet round-trip times (RTTs) to estimate the length of a connection chain. In this paper, we explore a novel approach – Fast Fourier Transformation (FFT) to analyze the distribution of packet RTTs. We first capture network packets from different stepping-stones in a connection chain, identify and match the Send and Echo packets in each stepping-stone. Packet RTTs can be obtained from matched pairs of packets. We then apply the FFT interpolation method to obtain a RTT time function and finally conduct FFT transformation to the RTT function in each stepping-stone host. Finally, we conduct a complete FFT analysis for the distribution of packet RTTs and present the FFT analysis results in this paper.\",\"PeriodicalId\":38235,\"journal\":{\"name\":\"Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications\",\"volume\":\"42 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-09-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.58346/jowua.2023.i3.009\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"Computer Science\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.58346/jowua.2023.i3.009","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"Computer Science","Score":null,"Total":0}
Analyzing Distribution of Packet Round-Trip Times using Fast Fourier Transformation
Hackers usually send attacking commands through compromised hosts, called stepping-stones, for the purpose of decreasing the chance of being discovered. An effective approach for stepping-stone intrusion detection (SSID) is to estimate the length of a connection chain. This type of detection method is referred to as the network-based SSID (NSSID). All the existing NSSID approaches use the distribution of packet round-trip times (RTTs) to estimate the length of a connection chain. In this paper, we explore a novel approach – Fast Fourier Transformation (FFT) to analyze the distribution of packet RTTs. We first capture network packets from different stepping-stones in a connection chain, identify and match the Send and Echo packets in each stepping-stone. Packet RTTs can be obtained from matched pairs of packets. We then apply the FFT interpolation method to obtain a RTT time function and finally conduct FFT transformation to the RTT function in each stepping-stone host. Finally, we conduct a complete FFT analysis for the distribution of packet RTTs and present the FFT analysis results in this paper.
期刊介绍:
JoWUA is an online peer-reviewed journal and aims to provide an international forum for researchers, professionals, and industrial practitioners on all topics related to wireless mobile networks, ubiquitous computing, and their dependable applications. JoWUA consists of high-quality technical manuscripts on advances in the state-of-the-art of wireless mobile networks, ubiquitous computing, and their dependable applications; both theoretical approaches and practical approaches are encouraged to submit. All published articles in JoWUA are freely accessible in this website because it is an open access journal. JoWUA has four issues (March, June, September, December) per year with special issues covering specific research areas by guest editors.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
