
Resistance Analysis to Intruders’ Evasion of Detecting Intrusion

  • Conference paper
Information Security (ISC 2006)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4176)

Abstract

Most network intruders launch their attacks through a chain of compromised hosts (stepping-stones) to reduce the risk of being detected or captured. Detecting such attacks is important but difficult, because intruders evade detection by perturbing their traffic, for example with time perturbation (altering packet timing) and chaff perturbation (injecting meaningless packets). In this paper we propose a clustering algorithm that detects stepping-stone intrusion by using TCP packet round-trip times to estimate the downstream length of an interactive terminal session, and we analyse its resistance to these evasions. Analysis and simulation results show that the algorithm detects stepping-stone intrusion with no false alarms and a low misdetection rate; it resists time perturbation completely and chaff perturbation to a certain extent.
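The round-trip-time clustering idea sketched in the abstract, as an added illustration written for this page (it is not the paper's algorithm and not code from the authors). It assumes, as a simplification not stated in the abstract, that every outbound Send packet seen at the sensor is answered by one inbound Echo/ACK from each downstream host, so that k downstream hops yield k populations of RTT samples. The packet trace, the single-linkage clustering with a fixed gap, and the minimum-cluster-size filter are all constructed here to show why such an estimator is unaffected by time perturbation (RTT is measured from each send, so delaying the sends does not move it) and only partly resistant to chaff (spurious packets add sparse clusters that a size filter discards, until they become dense enough to merge genuine clusters):

```python
"""Downstream-length estimation from round-trip-time clusters.

Editor-added illustration, not the paper's algorithm. Assumption (not stated in
the abstract): each outbound Send packet seen at the sensor is answered by one
inbound Echo/ACK from every downstream host, so k downstream hops produce k
RTT populations separated by at least one hop of delay.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    t: float    # capture timestamp, seconds
    kind: str   # "send" (outbound keystroke) or "echo" (inbound reply)


def simulate_session(n_keys, hop_delays, jitter=0.0, chaff_rate=0.0, seed=1):
    """Constructed packet trace for n_keys keystrokes over len(hop_delays) hops.

    hop_delays[i] is the one-way delay of hop i, so the echo from host i comes
    back 2 * sum(hop_delays[:i + 1]) after the keystroke (plus 1 ms of noise).
    jitter    : time perturbation, extra random delay the intruder inserts
                before each keystroke.
    chaff_rate: chaff perturbation, probability that a spurious, unrelated
                inbound packet is injected after a keystroke.
    """
    rng = random.Random(seed)
    pkts, t = [], 0.0
    for _ in range(n_keys):
        t += rng.uniform(0.25, 0.7) + rng.uniform(0.0, jitter)
        pkts.append(Packet(t, "send"))
        cum = 0.0
        for d in hop_delays:
            cum += d
            pkts.append(Packet(t + 2 * cum + rng.gauss(0.0, 0.001), "echo"))
        if rng.random() < chaff_rate:
            pkts.append(Packet(t + rng.uniform(0.0, 1.0), "echo"))
    return sorted(pkts, key=lambda p: p.t)


def round_trip_times(pkts, window=1.0):
    """RTT samples: each send is paired with every echo seen before the next send."""
    sends = [p.t for p in pkts if p.kind == "send"]
    echoes = [p.t for p in pkts if p.kind == "echo"]
    rtts = []
    for i, s in enumerate(sends):
        nxt = sends[i + 1] if i + 1 < len(sends) else float("inf")
        cutoff = min(nxt, s + window)
        rtts.extend(e - s for e in echoes if s < e < cutoff)
    return rtts


def cluster_1d(values, gap):
    """Single-linkage clustering on a line: a new cluster starts wherever two
    consecutive sorted values are more than `gap` apart."""
    clusters = []
    for v in sorted(values):
        if clusters and v - clusters[-1][-1] <= gap:
            clusters[-1].append(v)
        else:
            clusters.append([v])
    return clusters


def estimate_downstream_length(rtts, gap=0.008, min_frac=0.2):
    """Estimated number of downstream hops: the number of RTT clusters holding at
    least min_frac of all samples. Dropping sparse clusters is what gives the
    estimate its partial resistance to chaff; it cannot help once chaff is dense
    enough to bridge two genuine clusters or to form a large cluster itself."""
    threshold = min_frac * len(rtts)
    return sum(1 for c in cluster_1d(rtts, gap) if len(c) >= threshold)


if __name__ == "__main__":
    hops = [0.010, 0.040, 0.060]          # three downstream hops (constructed)
    scenarios = [("clean", {}),
                 ("time perturbation", {"jitter": 0.5}),
                 ("chaff perturbation", {"chaff_rate": 0.1})]
    for label, kw in scenarios:
        rtts = round_trip_times(simulate_session(200, hops, **kw))
        print(f"{label:>18}: {estimate_downstream_length(rtts)} hops "
              f"(unfiltered clusters: {estimate_downstream_length(rtts, min_frac=0.0)})")
```

Running the script prints three hops for the clean and the time-perturbed traces; with chaff the filtered estimate is still three while the unfiltered cluster count is inflated by the spurious packets, which is the "to a certain extent" in the abstract made concrete.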





© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yang, J., Zhang, Y., Huang, SH.S. (2006). Resistance Analysis to Intruders’ Evasion of Detecting Intrusion. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds) Information Security. ISC 2006. Lecture Notes in Computer Science, vol 4176. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11836810_28

  • DOI: https://doi.org/10.1007/11836810_28

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-38341-3

  • Online ISBN: 978-3-540-38343-7
