Title :
Detecting stepping-stones under the influence of packet jittering
Author :
Wei Ding ; Khoa Le ; Huang, Shou-Hsuan Stephen
Author_Institution :
Dept. of Comput. Sci., Univ. of Houston, Houston, TX, USA
Abstract :
Hackers often use a chain of intermediate stepping-stone hosts to hide their identity before launching an attack. This type of stepping-stone attack can be detected by applying timing-based correlation algorithms on the connections in and out of a host. However, hackers can add chaff packets or jitter the original packets to decrease the detection rate of these correlation algorithms. This paper proposes a novel method to detect intrusions under the influence of packet jittering. Our study shows how the distribution of the inter-arrival time gaps of a jittered connection differs from connections without jittering. We study the impact of the jittering probability model on the detection rate as well as parameters of the model upon the detection rate. Our study suggests a way to detect stepping-stones and complements the existing correlation-based stepping-stone detection algorithms to form a much more robust solution.
Keywords :
computer crime; jitter; probability; chaff packets; correlation-based stepping-stone detection algorithm; hackers; identity hiding; interarrival time gap distribution; intermediate stepping-stone hosts; intrusion detection; jittered connection; jittering probability model; packet jittering; stepping-stone attack detection; timing-based correlation algorithm; Correlation; Market research; Monitoring; Standards; Training; intrusion detection; network security; packet jittering; stepping-stone;
Conference_Titel :
Information Assurance and Security (IAS), 2013 9th International Conference on
Conference_Location :
Gammarth
Print_ISBN :
978-1-4799-2989-4
DOI :
10.1109/ISIAS.2013.6947729
