• DocumentCode
    511666
  • Title

    A New Model to Detect Stepping-Stone Intrusion

  • Author

    Yang, Jianhua ; Zhang, Yongzhong

  • Author_Institution
    TSYS Comput. Sci. Dept., Columbus State Univ., Columbus, GA, USA
  • Volume
    1
  • fYear
    2009
  • fDate
    28-30 Oct. 2009
  • Firstpage
    584
  • Lastpage
    588
  • Abstract
    Most researchers do not distinguish stepping-stone detection and stepping-stone intrusion detection, thus introduce more false positive errors in detecting stepping-stone intrusion. Those approaches proposed to detect stepping-stone intrusion are vulnerable to intruders´ evasion. In this paper we analyze the problems of the current model used to detect stepping-stone, and propose a new model based on computing the length of an interactive TCP/IP session to detect stepping-stone intrusion. Besides the advantage of low false positive rate, we demonstrate that an approach based on the new model can resist intruders´ evasion, such as time-jittering, and chaff-perturbation.
  • Keywords
    computer network security; transport protocols; chaff-perturbation; interactive TCP/IP; stepping-stone intrusion detection; time-jittering; Computer errors; Computer networks; Computer science; Cryptography; Delay; Educational institutions; Intrusion detection; Resists; TCPIP; Technology management; Stepping-stone; chaff-perturbation; downstream length; intrusion detection; network security; time-jittering; upstream length;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Science and Engineering, 2009. WCSE '09. Second International Workshop on
  • Conference_Location
    Qingdao
  • Print_ISBN
    978-0-7695-3881-5
  • Type

    conf

  • DOI
    10.1109/WCSE.2009.737
  • Filename
    5403398
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=511666