Abstract
Estimating the length of a connection chain is challenging and critical in detecting stepping-stone intrusion. In this paper, we propose a novel method, called the standard deviation-based clustering approach (SDBA), to estimate the length of an interactive connection chain by computing round-trip time (RTT). SDBA takes advantage of the distribution of RTTs and the inter-arrival distribution of “send” packets. We prove that the probability of making a correct selection of RTT through SDBA is bounded by $1 - 1/q^2$, where $q$ is a number related to the standard deviation of the RTT distribution and the inter-arrival distribution of send packets. Experimental results showed that SDBA can compete against the best known algorithm in packet-matching rate and accuracy. This paper also presents the restrictions of SDBA.