Finding a Connection Chain for Tracing Intruders
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Inter-Packet Delay Based Correlation for Tracing Encrypted Connections through Stepping Stones
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
Sleepy Watermark Tracing: An Active Network-Based Intrusion Response Framework
IFIP/Sec '01 Proceedings of the IFIP TC11 Sixteenth Annual Working Conference on Information Security: Trusted Information: The New Decade Challenge
Holding intruders accountable on the Internet
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Proceedings of the 10th ACM conference on Computer and communications security
Active Timing-Based Correlation of Perturbed Traffic Flows with Chaff Packets
ICDCSW '05 Proceedings of the Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05) - Volume 02
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Hi-index | 0.00 |
We consider scheduling packet transmissions in a network so that the efficiency of stepping-stone attacks can be severely restrained with the help of stepping-stone monitors. We allow the attacker to encrypt and pad the packets, perturb the timing of packets, and insert chaff packets, but the timing perturbation is subject to a maximum delay constraint. We show that if we randomize packet transmissions, then the attacker has to insert a large amount of chaff to evade detection completely. In particular, if all transmissions are scheduled as Poisson processes, then the fraction of attacking packets in the attacker's traffic decreases exponentially with the length of the intrusion path.