Paper Info
Title
Mining TCP/IP packets to detect stepping-stone intrusion
Abstract
An effective approach of detecting stepping-stone intrusion is to estimate the number of hosts compromised through estimating the length of a connection chain. This can be done by studying the changes in TCP packet round-trip time. In this paper, we propose a new algorithm by using data mining method to find the round-trip time from the timestamps of TCP send and echo packets. Previous algorithms produce either good packet matches on very few packets, or poor matches on many packets. This method gives us better round-trip time and more matched packets than other algorithms proposed in the past. It can estimate the length of a connection more accurate than other methods and has largely decreased false positive error and false negative error in detecting stepping-stone intrusion comparing with existing methods.
Year
DOI
Venue
2007
10.1016/j.cose.2007.07.001
Computers & Security
Keywords
Field
DocType
intrusion detection,network security,stepping-stone,partitioning,round-trip time,clustering,false positive,round trip time,data mining
Computer security,Computer science,Network packet,Network security,Internet protocol suite,Real-time computing,Transmission Control Protocol,Timestamp,Round-trip delay time,Intrusion detection system,TCP sequence prediction attack
Journal
Volume
Issue
ISSN
26
7-8
Computers & Security
Citations 
PageRank 
References 
12
0.67
8
Authors
2
Name
Order
Citations
PageRank
Jianhua Yang1355.49
Shou-hsuan Stephen Huang217459.88