Hybrid stepping stone detection method

Abstract

Stepping stone detection can be defined as a process to discover an intermediate host correlation that used by intruder. Most of the intruders cover their track by login into intermediate host first before execute the real attack. This intermediate hosts here known as stepping stone. This paper introduces a hybrid stepping stone detection method which combines the network-based and host-based stepping stone method. By taking the special capabilities of each method, solid stepping stone detection architecture has been produced. A great explanation regarding to the architecture has been done, together with the details of each chosen approach as to develop the overall hybrid stepping stone detection method. The study shows that by applying the hybrid concept in stepping stone detection, benefits can be gained from the less number of false positive and false negative rates, robust against active perturbation and the overall stepping stone methods becomes more precise.