Title :
Detect Stepping-Stone Insider Attacks by Network Traffic Mining and Dynamic Programming
Author :
Yang, Jianhua ; Ray, Lydia ; Zhao, Guoqing
Author_Institution :
TSYS Sch. of Comput. Sci., Columbus State Univ., Columbus, GA, USA
Abstract :
Stepping-stones are the most popular means used to attack other computers. Some insiders use stepping-stones to launch their attacks while pretending to be outsiders. In this paper, we propose a novel algorithm to detect stepping-stone insider attacks by comparing outgoing and incoming connections. We modify the existing packet matching algorithm by introducing a sliding window to make the algorithm more efficient and practicable. An algorithm to compute the similarity between two time-pair sequences by finding the longest common subsequence is proposed. The stepping-stone insider attack detection algorithm is easy to implement and use since no threshold is needed. The experimental results showed the effectiveness of the algorithm in detecting stepping-stone insider attacks.
Keywords :
data mining; dynamic programming; security of data; telecommunication traffic; dynamic programming; network traffic mining; packet matching algorithm; sliding window; stepping-stone insider attack detection; time-pair sequences; Algorithm design and analysis; Clustering algorithms; Computers; Data mining; Dynamic programming; Markov processes; Sensors; Network security; chaff-perturbation; insider detection; masquerader; stepping-stone; time-jittering; traitor;
Conference_Title :
Advanced Information Networking and Applications (AINA), 2011 IEEE International Conference on
Conference_Location :
Biopolis
Print_ISBN :
978-1-61284-313-1
Electronic_ISBN :
1550-445X
DOI :
10.1109/AINA.2011.33