To evade detection, network attackers usually launch intrusions through stepping-stones by building a long connection via intermediary hosts. In order to detect long connection chains, we first need to identify whether a host has been used as a stepping-stones. In this paper, we proposed the packet fluctuation approach to detect stepping-stones based on the range of a random walk model. Two algorithms (transformation and packet size) are proposed for this approach to distinguish the stepping-stone connections (ATTACK pairs) from the normal connections (NORMAL pairs). We also show the effectiveness of our algorithms in detecting the chaff perturbation. It is found that both algorithms are able to effectively identify the stepping-stone connections. © Springer Science+Business Media B.V. 2008.
CITATION STYLE
Wu, H. C., & Huang, S. H. S. (2008). Packet fluctuation approach for stepping-stone detection. In Novel Algorithms and Techniques in Telecommunications, Automation and Industrial Electronics (pp. 364–369). https://doi.org/10.1007/978-1-4020-8737-0_65
Mendeley helps you to discover research relevant for your work.