Network-based intruders seldom attack directly from their own hosts, but rather stage their attacks through intermediate "stepping stones" to conceal their identity and origin. To identify attackers behind stepping stones, it is necessary to be able to correlate connections through stepping stones, even if those connections are encrypted or perturbed by the intruder to prevent traceability. The timing-based approach is the most capable and promising current method for correlating encrypted connections. However, previous timing-based approaches are vulnerable to packet timing perturbations introduced by the attacker at stepping stones. In this paper, we propose a novel watermark-based correlation scheme that is designed specifically to be robust against timing perturbations. The watermark is introduced by slightly adjusting the timing of selected packets of the flow. By utilizing redundancy techniques, we have developed a robust watermark correlation framework that reveals a rather surprising result on the inherent limits of independent and identically distributed (iid) random timing perturbations over sufficiently long flows. We also identify the tradeoffs between timing perturbation characteristics and achievable correlation effectiveness. Experiments show that the new method performs significantly better than existing, passive, timing-based correlation in the presence of random packet timing perturbations.
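The following simulation is an added illustration, not code from the paper: it models why spreading one watermark bit over many inter-packet delays (IPDs) makes iid timing perturbation average out as the flow gets longer. The parity-of-quantization-bin encoding, the step size, the delay bound and the exponential traffic model are all assumptions chosen for the demonstration.

```python
import math
import random

STEP = 0.4       # quantization step in seconds (assumed value)
MAX_DELAY = 1.0  # perturbation model: iid uniform [0, MAX_DELAY] s per packet (assumed)

def decode(ipds, step=STEP):
    """Read one bit: parity of the quantization bin that holds the mean IPD."""
    return round(sum(ipds) / len(ipds) / step) % 2

def embed(ipds, bit, step=STEP):
    """Shift the selected IPDs so their mean sits on a bin centre of parity `bit`.

    Only non-negative delay is added: a tracer can hold a packet back
    but cannot send it early.
    """
    mean = sum(ipds) / len(ipds)
    q = math.ceil(mean / step)
    if q % 2 != bit:
        q += 1
    delta = q * step - mean  # 0 <= delta < 2 * step
    return [d + delta for d in ipds]

def perturb(ipds, max_delay, rng):
    """Each packet gets an iid uniform delay, so every IPD changes by the
    difference of two delays (zero mean, range +/- max_delay)."""
    return [d + rng.uniform(0, max_delay) - rng.uniform(0, max_delay)
            for d in ipds]

def bit_error_rate(redundancy, max_delay=MAX_DELAY, trials=2000, seed=1):
    """Fraction of bits decoded wrongly when each bit is spread over
    `redundancy` non-adjacent IPDs and the flow is then perturbed."""
    rng = random.Random(seed)
    errors = 0
    for _ in range(trials):
        bit = rng.randrange(2)
        # Constructed sample traffic: exponential IPDs with a 0.5 s mean.
        ipds = [rng.expovariate(2.0) for _ in range(redundancy)]
        marked = embed(ipds, bit)
        errors += decode(perturb(marked, max_delay, rng)) != bit
    return errors / trials

if __name__ == "__main__":
    for r in (1, 4, 16, 64):
        print(f"IPDs per bit = {r:2d}  bit error rate = {bit_error_rate(r):.3f}")
```

The perturbation of the mean IPD has standard deviation proportional to 1/sqrt(redundancy), so a larger delay bound can be offset by a longer flow; this is the tradeoff the abstract refers to.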