Using Dynamic Programming Techniques to Detect Multi-hop Stepping-Stone Pairs in a Connection Chain

Kuo, Ying-Wei; Huang, Shou-Hsuan Stephen; Ding, Wei; Kern, R.; Yang, Jianhua

doi:10.1109/aina.2010.132

Cited by 1 publication

(2 citation statements)

References 26 publications

(19 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Zhang et al [12] proposed resisting intruders' manipulation using context-based TCP/IP packet-matching. Dynamic programing and data mining techniques were used to detect stepping-stone intrusion [13,14]. Sheng et al [15] proposed to detect stepping-stone intrusion via mining network traffic.…”

Section: Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

Applying MMD Data Mining to Match Network Traffic for Stepping-Stone Intrusion Detection

Yang

Wang

2021

Sensors

Self Cite

View full text Add to dashboard Cite

A long interactive TCP connection chain has been widely used by attackers to launch their attacks and thus avoid detection. The longer a connection chain, the higher the probability the chain is exploited by attackers. Round-trip Time (RTT) can represent the length of a connection chain. In order to obtain the RTTs from the sniffed Send and Echo packets in a connection chain, matching the Sends and Echoes is required. In this paper, we first model a network traffic as the collection of RTTs and present the rationale of using the RTTs of a connection chain to represent the length of the chain. Second, we propose applying MMD data mining algorithm to match TCP Send and Echo packets collected from a connection. We found that the MMD data mining packet-matching algorithm outperforms all the existing packet-matching algorithms in terms of packet-matching rate including sequence number-based algorithm, Yang’s approach, Step-function, Packet-matching conservative algorithm and packet-matching greedy algorithm. The experimental results from our local area networks showed that the packet-matching accuracy of the MMD algorithm is 100%. The average packet-matching rate of the MMD algorithm obtained from the experiments conducted under the Internet context can reach around 94%. The MMD data mining packet-matching algorithm can fix the issue of low packet-matching rate faced by all the existing packet-matching algorithms including the state-of-the-art algorithm. It is applicable to network-based stepping-stone intrusion detection.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

“…Yang et al [16] developed an algorithm to detect stepping-stone intrusion and resist intruders' chaff attack based on packet cross-matching and RTT-based random walk. All the above approaches [11][12][13][14][15] suffer from a low packet-matching rate and, thus, cannot resist intruders' chaff-perturbation rate to a high percentage.…”

Section: Literature Reviewmentioning

confidence: 99%