Abstract | ||
---|---|---|
In this paper, we develop an algorithm that may be used as a stepping-stone detection tool. Our approach is based on analyzing correlations between the cumulative number of packets sent in outgoing connections and that of the incoming connections. We present a study of our method's effectiveness with actual connections as well as simulations of time-jittering (introduction of inter-packet delay) and chaff (introduction of superfluous packets). Experimental results suggest that our algorithm works well in the following scenarios: (1) distinguishing connection chains that go through the same stepping stone host and carry traffic of users who perform similar operations at the same time; and (2) distinguishing a single connection chain from unrelated incoming and outgoing connections even in the presence of chaff. The result suggests that time-jittering will not diminish our method's usefulness. |
Year | DOI | Venue |
---|---|---|
2007 | 10.1007/978-3-540-73547-2_29 | ATC |
Keywords | Field | DocType |
outgoing connection,incoming connection,inter-packet delay,following scenario,actual connection,single connection chain,similar operation,distinguishing connection chain,cumulative number,stepping-stone detection,request-response traffic analysis,cumulant,network security,intrusion detection | Traffic analysis,Computer science,Network packet,Chaff,Computer network,Real-time computing,Request–response | Conference |
Volume | ISSN | ISBN |
4610 | 0302-9743 | 3-540-73546-1 |
Citations | PageRank | References |
3 | 0.48 | 14 |
Authors | ||
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Shou-Hsuan Stephen Huang | 1 | 3 | 0.48 |
Robert Lychev | 2 | 61 | 4.29 |
Jianhua Yang | 3 | 35 | 5.49 |