Resist Intruders' Manipulation via Context-Based TCP/IP Packet Matching

Resist Intruders' Manipulation via Context-Based TCP/IP Packet Matching

Stepping-stone is the most popular way used to attack other computers. The reason is that intruders can be protected through a long connection chain involving some compromised computers called stepping-stones. Some intruders even manipulate a stepping-stone to evade stepping-stone intrusion detectio...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Yongzhong Zhang, Jianhua Yang, Bediga, Santhoshkumar, Huang, Stephen S.-H
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Application software
chaff-perturbation
Computer science
Cryptography
Educational institutions
evasion
Intrusion detection
manipulation
Network security
Protection
Relays
Resists
stepping-stone
TCPIP
time-jittering
USA Councils
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Stepping-stone is the most popular way used to attack other computers. The reason is that intruders can be protected through a long connection chain involving some compromised computers called stepping-stones. Some intruders even manipulate a stepping-stone to evade stepping-stone intrusion detection. Intruders' evasion makes detecting stepping-stone intrusion more difficult. In this paper, we propose a new approach, context-based TCP/IP packet matching, to detect stepping-stone intrusion, as well as resisting intruders' evasion. The analysis shows that this approach can resist intruders' time-jittering evasion. The simulation results showed even an intruder could chaff a connection with chaff-rate as high as 100%, this approach can still match the two connections to detect the intrusion and to resist intruders' chaff-perturbation evasion.
ISSN:1550-445X
2332-5658
DOI:10.1109/AINA.2010.12