Online Tracing Scanning Worm with Sliding Window
Information Security and Cryptology
Online Accumulation: Reconstruction of Worm Propagation Path
NPC '08 Proceedings of the IFIP International Conference on Network and Parallel Computing
A performance analysis of authentication using covert timing channels
NETWORKING'08 Proceedings of the 7th international IFIP-TC6 networking conference on AdHoc and sensor networks, wireless networks, next generation internet
Packet scheduling against stepping-stone attacks with chaff
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Resistance analysis to intruders’ evasion of a novel algorithm to detect stepping-stone
ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
Constructing correlations of perturbed connections under packets loss and disorder
ICCNMC'05 Proceedings of the Third international conference on Networking and Mobile Computing
Interval-based flow watermarking for tracing interactive traffic
Computer Networks: The International Journal of Computer and Telecommunications Networking
Unsupervised and nonparametric detection of information flows
Signal Processing
Network intruders usually launch their attacks through a chain of intermediate stepping stone hosts in order to hide their identities. Detecting such stepping stone attacks is difficult because packet encryption, timing perturbations, and meaningless chaff packets can all be utilized by attackers to evade detection. In this paper, we propose a method based on packet matching and timing-based active watermarking that can successfully correlate interactive stepping stone connections even if there are chaff packets and limited timing perturbations. We provide several algorithms that have different trade-offs among detection rate, false positive rate and computation cost. Our experimental evaluation with both real-world and synthetic data indicates that by integrating packet matching and active watermarking, our approach has overall better performance than existing schemes.