Most network intruders launch their attacks through a chain of compromised hosts (stepping-stones) to reduce the risk of being detected or captured. Detecting such attacks is important, and it is difficult because intruders evade detection with techniques such as time perturbation and chaff perturbation. In this paper, we propose a clustering algorithm that detects stepping-stone intrusion by using TCP packet round-trip times to estimate the downstream length of an interactive terminal session, and we analyze its resistance to intruders' evasion. The analysis and simulation results show that this algorithm can detect stepping-stone intrusion without false alarms and with low misdetection. It resists intruders' time perturbation completely, and chaff perturbation to a certain extent.