In this paper, we develop an algorithm that may be used as a stepping-stone detection tool. Our approach is based on analyzing correlations between the cumulative number of packets sent in outgoing connections and that of the incoming connections. We present a study of our method's effectiveness with actual connections as well as simulations of time-jittering (introduction of inter-packet delay) and chaff (introduction of superfluous packets). Experimental results suggest that our algorithm works well in the following scenarios: (1) distinguishing connection chains that go through the same stepping stone host and carry traffic of users who perform similar operations at the same time; and (2) distinguishing a single connection chain from unrelated incoming and outgoing connections even in the presence of chaff. The result suggests that timejittering will not diminish our method's usefulness. © Springer-Verlag Berlin Heidelberg 2007.
CITATION STYLE
Huang, S. H. S., Lychev, R., & Yang, J. (2007). Stepping-stone detection via request-response traffic analysis. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4610 LNCS, pp. 276–285). Springer Verlag. https://doi.org/10.1007/978-3-540-73547-2_29
Mendeley helps you to discover research relevant for your work.