Abstract

An effective method to detect stepping-stone intrusion (SSI) is to estimate the length of a connection chain. This type of detection method is referred to as a network-based detection approach. Existing network-based SSI detection methods are either ineffective in the context of the Internet because of the presence of outliers in the packet round-trip times (RTTs) or inefficient, as many packets must be captured and processed. Because of the high fluctuation caused by the intermediate routers on the Internet, it is unavoidable that the RTTs of the captured packets contain outlier values. In this paper, we first propose an efficient algorithm to eliminate most of the possible RTT outliers of the packets captured in the Internet environment. We then develop an efficient SSI detection algorithm by mining network traffic using an improved version of k-Means clustering. Our proposed detection algorithm for SSI is accurate, effective, and efficient in the context of the Internet. Well-designed network experiments are conducted in the Internet environment to verify the effectiveness, correctness, and efficiency of our proposed algorithms. Our experiments show that the effective rate of our proposed SSI detection algorithm is higher than 85.7% in the context of the Internet.
