Title |
---|
Detecting Stepping-Stone Intruders by Identifying Crossover Packets in SSH Connections |
Abstract |
---|
Routing packet traffic through a chain of hosts is a common technique for hackers to attack a victim server without exposing themselves. Generally, the use of a long connection chain to log in to a computer system is an indication of the presence of an intruder. This paper presents a new solution to the problem of detecting such long connection chains at the server side. Our hypothesis is that a long connection chain will cause Request and Response packets to cross each other along the chain. So even though we cannot directly observe the packet crossovers from the server side, we can observe some of their side effects. Thus, our detection algorithm is based on detecting this side effect of packet crossovers. We validated the algorithm using test data generated on the Internet. The results show a high detection rate of long connection chains of length three hops with a reasonable false positive rate. |
Year | DOI | Venue |
---|---|---|
2016 | 10.1109/AINA.2016.132 | IEEE 30TH INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS IEEE AINA 2016 |
Keywords | Field | DocType |
---|---|---|
intrusion detection, stepping-stone attacks, packet crossovers, long connection chain | Server-side, False positive rate, Crossover, Computer science, Login, Server, Network packet, Computer network, Intrusion detection system, Distributed computing, The Internet | Conference |
ISSN | Citations | PageRank |
---|---|---|
1550-445X | 1 | 0.36 |
References | Authors |
---|---|
8 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Shou-hsuan Stephen Huang | 1 | 174 | 59.88 |
Hongyang Zhang | 2 | 1 | 0.36 |
Michael Phay | 3 | 1 | 0.36 |