Skip to main content
Conference Proceedings

Matching connection pairs

Lecture Notes in Computer Science (2004) 3320 642-649
DOI: 10.1007/978-3-540-30501-9_124
4Citations
Citations of this article
1Readers
Mendeley users who have this article in their library.
Get full text

Abstract

When an intruder launches attack not from their own computer but from intermediate hosts that they previously compromised, these intermediate hosts are called stepping-stones. In this paper, we describe an algorithm to be able to detect stepping-stones in detoured attacks. Our aim is to develop an algorithm that can trace an origin system which attacks a victim system via stepping-stones. There are two kinds of traceback technologies: IP packet traceback and connection traceback. We focused on connection traceback in this paper and proposed a new intruder tracing algorithm to distinguish between an origin system of attack and stepping-stones using process structures of operating systems.

Author supplied keywords

Cite

CITATION STYLE

APA

Kang, H. W., Hong, S. J., & Lee, D. H. (2004). Matching connection pairs. In Lecture Notes in Computer Science (Vol. 3320, pp. 642–649). Springer Verlag. https://doi.org/10.1007/978-3-540-30501-9_124

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free