Detection of stepping stone attack under delay and chaff perturbations

Bibliographic Details
Published in: 2006 IEEE International Performance Computing and Communications Conference pp. 10 pp. - 256
Main Authors: Zhang, L., Persaud, A.G., Johnson, A., Guan, Y.
Format: Conference Proceeding
Language: English
Published: IEEE 2006
ISBN: 1424401984, 9781424401987
ISSN: 1097-2641
DOI: 10.1109/.2006.1629414

Summary: Network based attackers often relay attacks through intermediary hosts (i.e., stepping stones) to evade detection. In addition, attackers make detection more difficult by encrypting attack traffic and introducing delay and chaff perturbations into stepping stone connections. Several approaches have been proposed to detect stepping stone attacks. However, none of them performs effectively when delay and chaff perturbations exist simultaneously. In this paper, we propose and analyze algorithms which represent that attackers cannot always evade detection only by adding limited delay and independent chaff perturbations. We provide the upper bounds on the number of packets needed to confidently detect stepping stone connections from non-stepping stone connections with any given probability of false attribution. We compare our algorithms with previous ones and the experimental results show that our algorithms are more effective in detecting stepping stone attacks in some scenarios.