Title :
Using Dynamic Programming Techniques to Detect Multi-hop Stepping-Stone Pairs in a Connection Chain
Author :
Kuo, Ying-Wei ; Huang, Shou-Hsuan Stephen ; Ding, Wei ; Kern, Rebecca ; Yang, Jianhua
Author_Institution :
Dept. of Comput. Sci., Univ. of Houston, Houston, TX, USA
Abstract :
Stepping-stone attack in network intrusion detection are attackers who use a sequence of intermediate (or so called stepping-stone) hosts to initiate attacks in order to hide their origins. We investigate a number of dynamic programming based pattern recognition approaches and our novel algorithm for detecting correlation and similarity of two connections not only into and out of a single stepping stone host(consecutive streams), but also across multiple stepping-stone hosts. The goal of this paper is to find out which technique can be better adopted for detection applications. To evaluate their accuracy and efficiency, we conduct extensive experiments. We also evaluate how chaff packets and time skew may affect these methods. We compare the results from five methods with their false positive and false negative rates. We demonstrate that our proposed approach named OSSM returns very good performance even under a variety of complex circumstances.
Keywords :
dynamic programming; pattern recognition; security of data; OSSM; chaff packets; connection chain; correlation; dynamic programming techniques; multihop stepping stone pairs; network intrusion detection; pattern recognition approaches; stepping stone attack; time skew; Application software; Computer science; Cryptography; Data mining; Delta modulation; Dynamic programming; Intrusion detection; Pattern matching; Pattern recognition; Protection; Stepping-stone attack; intrusion detection; network security; pattern recognition;
Conference_Titel :
Advanced Information Networking and Applications (AINA), 2010 24th IEEE International Conference on
Conference_Location :
Perth, WA
Print_ISBN :
978-1-4244-6695-5
DOI :
10.1109/AINA.2010.132
