When an intruder launches attack not from their own computer but from intermediate hosts that they previously compromised, these intermediate hosts are called stepping-stones. In this paper, we describe an algorithm to be able to detect stepping-stones in detoured attacks. Our aim is to develop an algorithm that can trace an origin system which attacks a victim system via stepping-stones. There are two kinds of traceback technologies: IP packet traceback and connection traceback. We focused on connection traceback in this paper and proposed a new intruder tracing algorithm to distinguish between an origin system of attack and stepping-stones using process structures of operating systems.
CITATION STYLE
Kang, H. W., Hong, S. J., & Lee, D. H. (2004). Matching connection pairs. In Lecture Notes in Computer Science (Vol. 3320, pp. 642–649). Springer Verlag. https://doi.org/10.1007/978-3-540-30501-9_124
Mendeley helps you to discover research relevant for your work.