Artificial intelligence: a modern approach
Artificial intelligence: a modern approach
Finding a Connection Chain for Tracing Intruders
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
A Neural Network Component for an Intrusion Detection System
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Holding intruders accountable on the Internet
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
A real-time algorithm to detect long connection chains of interactive terminal sessions
InfoSecu '04 Proceedings of the 3rd international conference on Information security
Matching TCP Packets and Its Application to the Detection of Long Connection Chains on the Internet
AINA '05 Proceedings of the 19th International Conference on Advanced Information Networking and Applications - Volume 1
Detecting Stepping-Stone with Chaff Perturbations
AINAW '07 Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops - Volume 01
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Learning program behavior profiles for intrusion detection
ID'99 Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring - Volume 1
Detecting long connection Chains of interactive terminal sessions
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
ISNN'10 Proceedings of the 7th international conference on Advances in Neural Networks - Volume Part II
Hi-index | 12.05 |
When network intruders launch attacks to a victim host, they try to avoid revealing their identities by indirectly connecting to the victim through a sequence of intermediary hosts, called stepping-stones. One effective stepping-stone detection mechanism is to detect such a long connection chain by estimating the number of stepping-stones. Artificial neural networks provide the potential to identify and classify network activities. In this paper, we propose an approach that utilizes the analytical strengths of neural networks to detect stepping-stone intrusion. Two schemes are developed for neural network investigation. One uses eight packet variables and the other clusters a sequence of consecutive packet round-trip times. The experimental results show that using neural networks as the detection tool works well to predict the number of stepping-stones for incoming packets by both proposed schemes through monitoring a connection chain with a few packets. In addition, various transfer functions and learning rules are studied and it is observed that using Sigmoid transfer function and Delta learning rule generally provides better prediction.