Title :
Matching TCP/IP Packets to Resist Stepping-Stone Intruders' Evasion
Author :
Ni, Lonig ; Yang, Jianihua ; Zhang, Rani ; Song, David Y.
Author_Institution :
North Carolina A & T State Univ., Greensboro
Abstract :
Most network intruders tend to use stepping-stones to attack or invade other hosts to reduce the risk of being discovered. Many approaches have been proposed to detect stepping-stones since 1995. Among them, the most popular is the method proposed by Blum, which detects a stepping-stone by checking whether the difference between the number of send packets of an incoming connection and that of an outgoing connection is bounded. One disadvantage of this method is its weakness in resisting intruders' evasion, such as chaff perturbation. In this paper, we analyze the resistance of the packet matching approach to intruders' evasion. The theoretical analysis shows that the packet matching method is more effective than other approaches in terms of resistance to intruders' chaff perturbation and time jittering evasion.
Keywords :
jitter; pattern matching; telecommunication security; transport protocols; TCP/IP packet matching; chaff perturbation; network intruders; stepping-stone detection; stepping-stone intruders evasion; time jittering evasion; Cryptography; Delay; Monitoring; Protocols; Relays; Resists; TCPIP; Tellurium;
Conference_Title :
System Theory, 2008. SSST 2008. 40th Southeastern Symposium on
Conference_Location :
New Orleans, LA
Print_ISBN :
978-1-4244-1806-0
Electronic_ISBN :
0094-2898
DOI :
10.1109/SSST.2008.4480191