Neural networks-based detection of stepping-stone intrusion

Authors:
Han-Ching Wu;Shou-Hsuan Stephen Huang
Affiliations:
Department of Computer Science, University of Houston, Houston, TX 77204, USA;Department of Computer Science, University of Houston, Houston, TX 77204, USA
Venue:
Expert Systems with Applications: An International Journal
Year:
2010

Citing 11
Cited 1

Artificial intelligence: a modern approach

Artificial intelligence: a modern approach
Finding a Connection Chain for Tracing Intruders

ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
A Neural Network Component for an Intrusion Detection System

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Holding intruders accountable on the Internet

SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
A real-time algorithm to detect long connection chains of interactive terminal sessions

InfoSecu '04 Proceedings of the 3rd international conference on Information security
Matching TCP Packets and Its Application to the Detection of Long Connection Chains on the Internet

AINA '05 Proceedings of the 19th International Conference on Advanced Information Networking and Applications - Volume 1
Detecting Stepping-Stone with Chaff Perturbations

AINAW '07 Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops - Volume 01
Detecting stepping stones

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Learning program behavior profiles for intrusion detection

ID'99 Proceedings of the 1st conference on Workshop on Intrusion Detection and Network Monitoring - Volume 1
Detecting long connection Chains of interactive terminal sessions

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Multiscale stepping-stone detection: detecting pairs of jittered interactive streams by exploiting maximum tolerable delay

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection

Classification of malicious software behaviour detection with hybrid set based feed forward neural network

ISNN'10 Proceedings of the 7th international conference on Advances in Neural Networks - Volume Part II

Quantified Score

Hi-index	12.05

Visualization

Abstract

When network intruders launch attacks to a victim host, they try to avoid revealing their identities by indirectly connecting to the victim through a sequence of intermediary hosts, called stepping-stones. One effective stepping-stone detection mechanism is to detect such a long connection chain by estimating the number of stepping-stones. Artificial neural networks provide the potential to identify and classify network activities. In this paper, we propose an approach that utilizes the analytical strengths of neural networks to detect stepping-stone intrusion. Two schemes are developed for neural network investigation. One uses eight packet variables and the other clusters a sequence of consecutive packet round-trip times. The experimental results show that using neural networks as the detection tool works well to predict the number of stepping-stones for incoming packets by both proposed schemes through monitoring a connection chain with a few packets. In addition, various transfer functions and learning rules are studied and it is observed that using Sigmoid transfer function and Delta learning rule generally provides better prediction.