Abstract | ||
---|---|---|
An effective approach of detecting stepping-stone intrusion is to estimate the number of hosts compromised through estimating the length of a connection chain. This can be done by studying the changes in TCP packet round-trip time. In this paper, we propose a new algorithm by using data mining method to find the round-trip time from the timestamps of TCP send and echo packets. Previous algorithms produce either good packet matches on very few packets, or poor matches on many packets. This method gives us better round-trip time and more matched packets than other algorithms proposed in the past. It can estimate the length of a connection more accurate than other methods and has largely decreased false positive error and false negative error in detecting stepping-stone intrusion comparing with existing methods. |
Year | DOI | Venue |
---|---|---|
2007 | 10.1016/j.cose.2007.07.001 | Computers & Security |
Keywords | Field | DocType |
intrusion detection,network security,stepping-stone,partitioning,round-trip time,clustering,false positive,round trip time,data mining | Computer security,Computer science,Network packet,Network security,Internet protocol suite,Real-time computing,Transmission Control Protocol,Timestamp,Round-trip delay time,Intrusion detection system,TCP sequence prediction attack | Journal |
Volume | Issue | ISSN |
26 | 7-8 | Computers & Security |
Citations | PageRank | References |
12 | 0.67 | 8 |
Authors | ||
2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Jianhua Yang | 1 | 35 | 5.49 |
Shou-hsuan Stephen Huang | 2 | 174 | 59.88 |