Paper Info
Title
Detecting Stepping-Stone Connection Using Association Rule Mining
Abstract
A main concern for network intrusion detection systems is the ability of an intruder to evade the detection by routing through a chain of intermediate stepping-stone hosts. The intruders have developed some evasion techniques such as injecting chaff packets or timing jitter. Such evasion techniques cause most of the previous timing-based detection algorithms to fail. In this paper, we address these issues and devise a methodology to defeat these counter measures. Our algorithm uses modified association rule mining to detect stepping-stones. It is based on finding as many matched pairs of packets as possible within the fixed length intervals and then decide whether it is a stepping-stone connection by the matched rate. This algorithm allows checking multiple connections at once and therefore greatly increasing the efficiency compared to others. We examine the selected parameters and provide different trade-offs among false rates. Our experiments report a very good performance with very high detection rate and low false detection rate when using carefully selected parameter values.
Year
DOI
Venue
2009
10.1109/ARES.2009.101
ARES
Keywords
Field
DocType
intrusion detection,false detection rate,network security,network routing,network intrusion detection system,stepping-stone connection detection,internet,connection chain,modified association rule mining,data mining,telecommunication network routing,stepping-stone,security of data,evasion technique,delta modulation,association rule mining,cryptography,association rules,routing,computer security
False detection,Data mining,Network intrusion detection,Computer science,Network routing,Computer security,Network packet,Network security,Association rule learning,Jitter,Intrusion detection system
Conference
ISBN
Citations 
PageRank 
978-0-7695-3564-7
1
0.35
References 
Authors
10
2
Name
Order
Citations
PageRank
Ying-Wei Kuo1413.89
Shou-hsuan Stephen Huang217459.88