论文信息 - Detecting Encrypted Interactive Stepping-Stone Connections

Detecting Encrypted Interactive Stepping-Stone Connections

Network intruders often hide their identities by sending attacks through a chain of compromised hosts that are used as "stepping stones". The difficulty in defending against such attacks lies in detecting stepping-stone connections at the compromised hosts. In this paper, to distinguish normal from attacking connections, we consider strategies that do not depend on the content of the traffic so that they are applicable to encrypted traffic. We propose a low complexity detection algorithm that has no miss detection and an exponentially-decaying false alarm probability. A sequential strategy is then developed to reduce the required number of testing packets

Lang Tong | Ting He

[1] V. D. Ozrin,et al. Theory of stochastic processes in quantum dynamical systems , 1980 .

[2] H. D. Miller,et al. The Theory Of Stochastic Processes , 1977, The Mathematical Gazette.

[3] Stuart Staniford-Chen,et al. Holding intruders accountable on the Internet , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[4] Douglas S. Reeves,et al. Sleepy Watermark Tracing: An Active Network-Based Intrusion Response Framework , 2001, SEC.

[5] Hiroaki Etoh,et al. Finding a Connection Chain for Tracing Intruders , 2000, ESORICS.

[6] Vern Paxson,et al. Multiscale Stepping-Stone Detection: Detecting Pairs of Jittered Interactive Streams by Exploiting Maximum Tolerable Delay , 2002, RAID.

[7] Douglas S. Reeves,et al. Inter-Packet Delay Based Correlation for Tracing Encrypted Connections through Stepping Stones , 2002, ESORICS.

[8] Lang Tong,et al. Detecting Encrypted Stepping-Stone Connections , 2007, IEEE Transactions on Signal Processing.

[9] Yin Zhang,et al. Detecting Stepping Stones , 2000, USENIX Security Symposium.

[10] Douglas S. Reeves,et al. Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays , 2003, CCS '03.

[11] Dawn Xiaodong Song,et al. Detection of Interactive Stepping Stones: Algorithms and Confidence Bounds , 2004, RAID.