A stepping-stone connection has always been assumed as an intrusion since the first research on stepping-stone connections twenty years ago. However, not all stepping-stone connections are malicious. This paper proposes an enhanced stepping-stone detection (SSD) technique which is capable to identify legitimate connections from stepping-stone connections. Stepping-stone connections are identifi...

This paper discusses one of the issues that are not covered by current stepping stone detection based researches. Although dropped packet problems are well-known problem in real network environment, all of the stepping stone detection researches just assume that dropped packet problems do not occur. Stepping stone detection research already in complex condition where each enhancement of the res...

Most network intruders launch their attacks through steppingstones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an incoming connection with an outgoing connection to determine if a computer is used as stepping-stone. In this paper, we present four models to describe stepping-stone intrusion. We also propose the i...

Network-based intrusions have become a serious threat to the users of the Internet. To help cover their tracks, attackers launch attacks from a series of previously compromised systems called stepping stones. Timing correlations on incoming and outgoing packets can lead to detection of the stepping stone and can be used to trace the attacker through each link. Prior work has sought to counter t...

This research intends to introduce a new usage of Artificial Intelligent (AI) approaches in Stepping Stone Detection (SSD) fields of research. By using Self-Organizing Map (SOM) approaches as the engine, through the experiment, it is shown that SOM has the capability to detect the number of connection chains that involved in a stepping stones. Realizing that by counting the number of connection...

This paper intends to introduce an implementation of a novel Self-Organization Map (SOM) in Host-based Stepping Stone Detection (SSD). Previous works have introduced Artificial Intelligence (AI) approaches such as Artificial Neural Network (ANN), however we found that the approaches are complex due to the requirement of variable to be known and tested to detect a stepping stone. SOM provides un...

One widely-used technique by which network attackers attain anonymity and complicate their apprehension is by employing stepping stones: they launch attacks not from their own computer but from intermediary hosts that they previously compromised. We develop an efficient algorithm for detecting stepping stones by monitoring a site’s Internet access link. The algorithm is based on the distinctive...

Network-based intrusions have become a serious treat to the users of the Internet. To help cover their tracks, attackers launch attacks from a series of previously compromised systems called stepping stones. Timing correlations on incoming and outgoing packets can lead to detection of the stepping stone and can be used to trace the attacker through each link. Existing approaches, however, delib...