Stepping-Stone Detection Via Request-Response Traffic Analysis
نویسندگان
چکیده
In this paper, we develop an algorithm that may be used as a stepping-stone detection tool. Our approach is based on analyzing correlations between the cumulative number of packets sent in outgoing connections and that of the incoming connections. We present a study of our method’s effectiveness with actual connections as well as simulations of time-jittering (introduction of inter-packet delay) and chaff (introduction of superfluous packets). Experimental results suggest that our algorithm works well in the following scenarios: (1) distinguishing connection chains that go through the same stepping stone host and carry traffic of users who perform similar operations at the same time; and (2) distinguishing a single connection chain from unrelated incoming and outgoing connections even in the presence of chaff. The result suggests that timejittering will not diminish our method’s usefulness.
منابع مشابه
Evading Stepping Stone Detection Under the Cloak of Streaming Media
Network-based intrusions have become a serious treat to the users of the Internet. To help cover their tracks, attackers launch attacks from a series of previously compromised systems called stepping stones. Timing correlations on incoming and outgoing packets can lead to detection of the stepping stone and can be used to trace the attacker through each link. Existing approaches, however, delib...
متن کاملDetecting Anomalies in Active Insider Stepping Stone Attacks
Network attackers frequently use a chain of compromised intermediate nodes to attack a target machine and maintain anonymity. This chain of nodes between the attacker and the target is called a stepping stone chain. Various classes of algorithms have been proposed to detect stepping stones, timing correlation based algorithms being a recent one that is attracting significant research interest. ...
متن کاملDetection of Interactive Stepping Stones: Algorithms and Confidence Bounds
Intruders on the Internet often prefer to launch network intrusions indirectly, i.e., using a chain of hosts on the Internet as relay machines using protocols such as Telnet or SSH. This type of attack is called a stepping-stone attack. In this paper, we propose and analyze algorithms for stepping-stone detection using ideas from Computational Learning Theory and the analysis of random walks. O...
متن کاملImproving Stepping Stone Detection Algorithms using Anomaly Detection Techniques
Network attackers frequently use a chain of compromised intermediate nodes to attack a target machine and maintain anonymity. This chain of nodes between the attacker and the target is called a stepping stone chain. Various algorithms have been proposed to detect stepping stones, timing correlation based algorithms being one of them. However, the existing timing based algorithms are susceptible...
متن کاملEvading stepping-stone detection under the cloak of streaming media with SNEAK
Network-based intrusions have become a serious threat to the users of the Internet. To help cover their tracks, attackers launch attacks from a series of previously compromised systems called stepping stones. Timing correlations on incoming and outgoing packets can lead to detection of the stepping stone and can be used to trace the attacker through each link. Prior work has sought to counter t...
متن کامل