Title :
Resist Intruders´ Manipulation via Context-Based TCP/IP Packet Matching
Author :
Zhang, Yongzhong ; Yang, Jianhua ; Bediga, Santhoshkumar ; Huang, Stephen S -H
Author_Institution :
Coll. of Manage., Univ. of Shanghai for Sci. & Technol., Shanghai, China
Abstract :
Stepping-stone is the most popular way used to attack other computers. The reason is that intruders can be protected through a long connection chain involving some compromised computers called stepping-stones. Some intruders even manipulate a stepping-stone to evade stepping-stone intrusion detection. Intruders´ evasion makes detecting stepping-stone intrusion more difficult. In this paper, we propose a new approach, context-based TCP/IP packet matching, to detect stepping-stone intrusion, as well as resisting intruders´ evasion. The analysis shows that this approach can resist intruders´ time-jittering evasion. The simulation results showed even an intruder could chaff a connection with chaff-rate as high as 100%, this approach can still match the two connections to detect the intrusion and to resist intruders´ chaff-perturbation evasion.
Keywords :
computer network security; transport protocols; context-based TCP/IP packet matching; intruder evasion; intruders manipulation; intrusion detection; stepping stones intrusion; time jittering evasion; Application software; Computer science; Cryptography; Educational institutions; Intrusion detection; Protection; Relays; Resists; TCPIP; USA Councils; Network security; chaff-perturbation; evasion; intrusion detection; manipulation; stepping-stone; time-jittering;
Conference_Titel :
Advanced Information Networking and Applications (AINA), 2010 24th IEEE International Conference on
Conference_Location :
Perth, WA
Print_ISBN :
978-1-4244-6695-5
DOI :
10.1109/AINA.2010.12
