Detecting Stepping-Stone Intrusion and Resisting Intruders’ Manipulation via Cross-Matching Network Traffic and Random Walk
Published: 2023-01-12
Issue: 2
Volume: 12
Page: 394
ISSN: 2079-9292
Container-title: Electronics
Language: en
Short-container-title: Electronics
Author:
Yang Jianhua, Wang Lixin, Qin Maochang, Neundorfer Noah
Abstract
Attackers can exploit compromised hosts to launch attacks over the Internet. This protects an intruder, placing them behind a long connection chain consisting of multiple compromised hosts. Such attacks are called stepping-stone intrusions. Many algorithms have been proposed to detect stepping-stone intrusions, but most detection algorithms are weak in resisting intruders’ session manipulation, such as chaff-perturbation. This paper proposes a novel detection algorithm: Packet Cross-Matching and RTT-based two-dimensional random walk. Theoretical proof shows network traffic cross matching can be effective in resisting attackers’ chaff attack. Our experimental results over the AWS cloud show that the proposed algorithm can resist attackers’ chaff attacks up to a chaff rate of 100%.
Funder
National Security Agency
Subject
Electrical and Electronic Engineering, Computer Networks and Communications, Hardware and Architecture, Signal Processing, Control and Systems Engineering