Abstract
Most network intruders launch their attacks through a chain of compromised hosts (stepping-stones) to reduce the risk of being detected or captured. Detecting such attacks is important but difficult because intruders evade detection, for example by time perturbation and chaff perturbation. In this paper, we propose a clustering algorithm that detects stepping-stone intrusion by using TCP packet round-trip times to estimate the downstream length of an interactive terminal session, and we analyze its resistance to intruders' evasion. The analysis and simulation results show that this algorithm detects stepping-stone intrusion with no false alarms and a low misdetection rate. It resists intruders' time perturbation completely and chaff perturbation to a certain extent.
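The abstract does not give the algorithm itself, so the following is an added illustration of the underlying idea rather than the paper's method: it assumes a simple echo model (each downstream host echoes a sent packet, so one keystroke yields one RTT sample per downstream host) and uses a gap-based clustering of constructed RTT samples to count downstream hosts; the hop latencies, jitter, gap threshold and perturbation model are all assumptions.

```python
import random
from typing import List

# Constructed model (an assumption, not the paper's algorithm): a keystroke sent
# from the monitored host is echoed by every downstream host, so its RTT samples
# cluster around the cumulative latency to each host. The number of clusters is
# then an estimate of the downstream chain length.


def simulate_rtts(hop_latency_ms: List[float], n_packets: int,
                  jitter_ms: float, seed: int = 1) -> List[float]:
    """Return constructed RTT samples (ms) for n_packets sent down a chain
    whose per-hop one-way latencies are hop_latency_ms."""
    rng = random.Random(seed)
    rtts: List[float] = []
    for _ in range(n_packets):
        cumulative = 0.0
        for lat in hop_latency_ms:
            cumulative += 2 * lat  # out to this host and back
            rtts.append(cumulative + rng.uniform(-jitter_ms, jitter_ms))
    return rtts


def cluster_by_gap(values: List[float], gap_ms: float) -> List[List[float]]:
    """Sort the samples and start a new cluster wherever two consecutive
    samples are more than gap_ms apart (a simple single-linkage split)."""
    clusters: List[List[float]] = []
    for v in sorted(values):
        if clusters and v - clusters[-1][-1] <= gap_ms:
            clusters[-1].append(v)
        else:
            clusters.append([v])
    return clusters


def estimate_downstream_length(rtts: List[float], gap_ms: float) -> int:
    """Estimated number of downstream hosts = number of RTT clusters."""
    return len(cluster_by_gap(rtts, gap_ms))


def time_perturb(rtts: List[float], max_extra_ms: float, seed: int = 2) -> List[float]:
    """Constructed evasion model: an intruder delays every echo by a random
    amount in [0, max_extra_ms]. As long as the added spread stays below the
    gap between clusters, the cluster count (chain length) is unchanged."""
    rng = random.Random(seed)
    return [r + rng.uniform(0.0, max_extra_ms) for r in rtts]


if __name__ == "__main__":
    samples = simulate_rtts([20.0, 30.0, 50.0], n_packets=50, jitter_ms=2.0)
    print("estimated downstream length:", estimate_downstream_length(samples, 15.0))
    print("after time perturbation:   ",
          estimate_downstream_length(time_perturb(samples, 10.0), 15.0))
```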
© 2006 Springer-Verlag Berlin Heidelberg
Yang, J., Zhang, Y., Huang, SH.S. (2006). Resistance Analysis to Intruders’ Evasion of Detecting Intrusion. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds) Information Security. ISC 2006. Lecture Notes in Computer Science, vol 4176. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11836810_28
DOI: https://doi.org/10.1007/11836810_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-38341-3
Online ISBN: 978-3-540-38343-7