Abstract
An effective approach of detecting stepping-stone intrusion is to estimate the number of hosts compromised through estimating the length of a connection chain. This can be done by studying the changes in TCP packet round-trip time. In this paper, we propose a new algorithm by using data mining method to find the round-trip time from the timestamps of TCP send and echo packets. Previous algorithms produce either good packet matches on very few packets, or poor matches on many packets. This method gives us better round-trip time and more matched packets than other algorithms proposed in the past. It can estimate the length of a connection more accurate than other methods and has largely decreased false positive error and false negative error in detecting stepping-stone intrusion comparing with existing methods.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
