Holding intruders accountable on the Internet
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
TCP/IP Protocol Suite
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Detecting long connection Chains of interactive terminal sessions
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Neural networks-based detection of stepping-stone intrusion
Expert Systems with Applications: An International Journal
An efficient TCP/IP packet matching algorithm to detect stepping-stone intrusion
2009 Information Security Curriculum Development Conference
Resistance analysis to intruders' evasion of detecting intrusion
ISC'06 Proceedings of the 9th international conference on Information Security
Resistance analysis to intruders’ evasion of a novel algorithm to detect stepping-stone
ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
Hi-index | 0.00 |
Most computer intruders usually chain many computers so as to hide themselves before launching an attack on a target computer. One way to stop such attacks is to prevent the hackers from using computers as stepping-stones for their attack. In this paper, we propose an algorithm to detect the length of the connection chain. By monitoring packets of outgoing and incoming connections, we are able to compute the roundtrip time gap between a client's "request" and the server's "reply." From the changes in the gaps, we can estimate the number of hosts from the current machine to the destination machine. Our algorithm has two advantages compare to the previous results [3]: (1) the estimation of the connection chain is more accurate, and (2) the algorithm can be used in real-time to detect long connection chains.