Abstract
Today’s intruders usually send attacking commands to a target system through several stepping-stone hosts, for the purpose of decreasing the probability of being caught. Using stepping-stone intrusion (SSI), the intruder’s identity is very difficult to discover as it is concealed by a long interactive connection chain of hosts. An effective approach for SSI detection (SSID) is to determine how many connections are contained in a connection chain. This type of method is called network-based SSID. Most existing network-based SSID only worked for network traffic without intruders’ session manipulation. These known SSID algorithms are either weak to resist intruders’ chaff-perturbation manipulation or have very limited capability in resisting attacker’s session manipulation. This paper develops a novel network-based SSID algorithm resistant to intruders’ chaff-perturbation by using packet crossover. The SSID approach proposed in this paper is simple and easy to implement as the number of packet crossovers can be easily computed. Our proposed algorithm is verified by rigorous technical proofs as well as well-designed network experiments. Our experimental results show that the proposed SSID algorithm works effectively and perfectly in resisting intruders’ chaff-perturbation up to a chaff rate of 50%.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
