An Effective Approach for Stepping-Stone Intrusion Detection Resistant to Intruders’ Chaff-Perturbation via Packet Crossover

Author:

Wang Lixin (1), Yang Jianhua (1), Kim Jae (1), Wan Peng-Jun (2)

Affiliation:

1. TSYS School of Computer Science, Columbus State University, Columbus, GA 31907, USA

2. Department of Computer Science, Illinois Institute of Technology, Chicago, IL 60616, USA

Abstract

Today’s intruders usually send attack commands to a target system through several stepping-stone hosts in order to decrease the probability of being caught. With stepping-stone intrusion (SSI), the intruder’s identity is very difficult to discover because it is concealed by a long interactive connection chain of hosts. An effective approach for SSI detection (SSID) is to determine how many connections are contained in a connection chain. This type of method is called network-based SSID. Most existing network-based SSID methods work only for network traffic without intruders’ session manipulation. These known SSID algorithms either resist intruders’ chaff-perturbation manipulation poorly or have very limited capability in resisting attackers’ session manipulation. This paper develops a novel network-based SSID algorithm resistant to intruders’ chaff-perturbation by using packet crossover. The SSID approach proposed in this paper is simple and easy to implement, as the number of packet crossovers can be easily computed. Our proposed algorithm is verified by rigorous technical proofs as well as well-designed network experiments. Our experimental results show that the proposed SSID algorithm works effectively and perfectly in resisting intruders’ chaff-perturbation up to a chaff rate of 50%.

Funder

National Security Agency NCAE-C Research

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering, Computer Networks and Communications, Hardware and Architecture, Signal Processing, Control and Systems Engineering

