Abstract
Hackers usually send attacking commands through compromised hosts, called stepping-stones, for the purpose of decreasing the chance of being discovered. An effective approach for stepping-stone intrusion detection (SSID) is to estimate the length of a connection chain. This type of detection method is referred to as the network-based SSID (NSSID). All the existing NSSID approaches use the distribution of packet round-trip times (RTTs) to estimate the length of a connection chain. In this paper, we explore a novel approach – Fast Fourier Transformation (FFT) to analyze the distribution of packet RTTs. We first capture network packets from different stepping-stones in a connection chain, identify and match the Send and Echo packets in each stepping-stone. Packet RTTs can be obtained from matched pairs of packets. We then apply the FFT interpolation method to obtain a RTT time function and finally conduct FFT transformation to the RTT function in each stepping-stone host. Finally, we conduct a complete FFT analysis for the distribution of packet RTTs and present the FFT analysis results in this paper.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
More From: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.