Abstract

AbstractLocating the real source of the Internet attacks has long been an important but difficult problem to be addressed. In the real world, attackers can easily hide their identities and evade punishment by relaying their attacks through a series of compromised systems or devices called stepping stones. Currently, researchers mainly use similar features from the network traffic, such as packet timestamps and frequencies, to detect stepping stones. However, these features can be easily destroyed by attackers using evasive techniques. In addition, it is also difficult to implement an appropriate threshold of similarity that can help justify the stepping stones. In order to counter these problems, in this paper, we introduce the consistent causality probability to detect the stepping stones. We formulate the ranges of abnormal causality probabilities according to the different network conditions, and on the basis of it, we further implement to self‐adaptive methods to capture stepping stones. To evaluate our proposed detection methods, we adopt theoretic analysis and empirical studies, which demonstrate accuracy of the abnormal causality probability. Moreover, we compare our proposed methods with previous works. The result shows that our methods in this paper significantly outperform previous works in the accuracy of detection malicious stepping stones, even when evasive techniques are adopted by attackers. Copyright © 2014 John Wiley & Sons, Ltd.

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Detecting Stepping Stones by Abnormal Causality Probability
Sheng Wen ... Yang Xiang
-
Sheng Wen, et. al.Sheng Wen ... Yang Xiang
01 Jan 2013
Security, trust, and resilience of distributed networks and systems
Jinshu Su ... Indrakshi Ray
Security and Communication Networks | VOL. 8
Jinshu Su, et. al.Jinshu Su ... Indrakshi Ray
01 May 2015
GMAD: Graph-based Malware Activity Detection by DNS traffic analysis
Jehyun Lee ... Heejo Lee
Computer Communications | VOL. 49
Jehyun Lee, et. al.Jehyun Lee ... Heejo Lee
09 May 2014
Impact of similarity threshold on the topology of molecular similarity networks and clustering outcomes.
Gergely Zahoránszky-Kőhalmi ... Cristian G Bologa
Journal of Cheminformatics | VOL. 8
Gergely Zahoránszky-Kőhalmi, et. al.Gergely Zahoránszky-Kőhalmi ... Cristian G Bologa
30 Mar 2016
View more papers

More From: Security and Communication Networks

Paper Title
Journal
Date
Author
HMMED: A Multimodal Model with Separate Head and Payload Processing for Malicious Encrypted Traffic Detection
Peng Xiao ... Ying Yan
Security and Communication Networks | VOL. -
Peng Xiao, et. al.Peng Xiao ... Ying Yan
30 May 2024
A Robust Coverless Image Steganography Algorithm Based on Image Retrieval with SURF Features
Fan Li ... Zahid Mehmood
Security and Communication Networks | VOL. 2024
Fan Li, et. al.Fan Li ... Zahid Mehmood
18 May 2024
Effective and Efficient Android Malware Detection and Category Classification Using the Enhanced KronoDroid Dataset
Mudassar Waheed ... Luigi Catuogno
Security and Communication Networks | VOL. 2024
Mudassar Waheed, et. al.Mudassar Waheed ... Luigi Catuogno
08 Apr 2024
Securing the Transmission While Enhancing the Reliability of Communication Using Network Coding in Block-Wise Transfer of CoAP
Mohammed D Halloush ... Shadab Alam
Security and Communication Networks | VOL. 2024
Mohammed D Halloush, et. al.Mohammed D Halloush ... Shadab Alam
28 Mar 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.