Paper Info
Title
Resist Intruders' Manipulation via Context-Based TCP/IP Packet Matching
Abstract
Stepping-stone is the most popular way used to attack other computers. The reason is that intruders can be protected through a long connection chain involving some compromised computers called stepping-stones. Some intruders even manipulate a stepping-stone to evade stepping-stone intrusion detection. Intruders' evasion makes detecting stepping-stone intrusion more difficult. In this paper, we propose a new approach, context-based TCP/IP packet matching, to detect stepping-stone intrusion, as well as resisting intruders' evasion. The analysis shows that this approach can resist intruders' time-jittering evasion. The simulation results showed even an intruder could chaff a connection with chaff-rate as high as 100%, this approach can still match the two connections to detect the intrusion and to resist intruders' chaff-perturbation evasion.
Year
DOI
Venue
2010
10.1109/AINA.2010.12
AINA
Keywords
Field
DocType
long connection chain,ip packet matching,intrusion detection,chaff-perturbation evasion,time-jittering,stepping-stone intrusion detection,resist intruders,manipulation,evasion,intruders manipulation,computer network security,stepping-stone,chaff-perturbation,context-based tcp/ip packet matching,stepping stones intrusion,transport protocols,time-jittering evasion,network security,simulation result,context-based tcp,new approach,stepping-stone intrusion,time jittering evasion,intruder evasion,cryptography,computer science,tcpip,resists,application software
Internet Protocol,Context based,Cryptography,Computer science,Computer security,Network security,Internet protocol suite,Computer network,Resist,Application software,Intrusion detection system,Distributed computing
Conference
ISSN
ISBN
Citations 
1550-445X
978-1-4244-6695-5
2
PageRank 
References 
Authors
0.40
7
4
Name
Order
Citations
PageRank
Yongzhong Zhang120.40
Jianhua Yang2355.49
Santhoshkumar Bediga320.40
Shou-hsuan Stephen Huang417459.88