Title :
A Signal Processing Perspective to Stepping-stone Detection
Author :
He, Ting ; Tong, Lang
Author_Institution :
Sch. of Electr. & Comput. Eng., Cornell Univ., Ithaca, NY
Abstract :
Malicious use of anonymity techniques makes network attackers difficult to track. The problem is even worse in stepping-stone attacks, where multiple anonymous connections are linked to form an intrusion path. The tracking of a stepping-stone attacker requires the detection of all the connection pairs on the intrusion path. In this paper, we consider the problem of identifying a stepping-stone connection pair at an intermediate host. We formulate the problem as one of nonparametric hypotheses testing. Our attacker model allows the attacker to encrypt the traffic and modify the timing. We propose two algorithms which do not depend on the content of the traffic. Our techniques only make generic assumptions such as delay or memory constraints, and therefore they are applicable in most practical systems. We show that our algorithms can detect all the stepping-stone connections while falsely accusing normal traffic with exponentially-decaying probabilities.
Keywords :
computer networks; cryptography; probability; security of data; signal processing; telecommunication security; telecommunication traffic; anonymity technique; exponentially-decaying probability; generic assumption; intrusion path; multiple anonymous connection; network attacker; nonparametric hypotheses testing; signal processing; stepping-stone detection; tracking; traffic encryption; Cryptography; Delay; Government; Helium; Intrusion detection; Signal processing; Signal processing algorithms; Telecommunication traffic; Timing; Traffic control; Intrusion detection; Network security; Nonparametric detection; Point processes;
Conference_Titel :
Information Sciences and Systems, 2006 40th Annual Conference on
Conference_Location :
Princeton, NJ
Print_ISBN :
1-4244-0349-9
Electronic_ISBN :
1-4244-0350-2
DOI :
10.1109/CISS.2006.286555
