Abstract
An effective approach to stepping-stone intrusion detection (SSID) is to estimate the length of a connection chain; this is referred to as the network-based detection approach. In this paper, we propose an effective network-based approach for SSID using packet crossover. Existing network-based approaches for SSID are either not effective or not efficient, because they require a large number of TCP packets to be captured and processed. Other existing network-based approaches do not work effectively when the fluctuation of the packets' round-trip times (RTTs) is large, and they require the length of a connection chain to be pre-determined, so their detection performance is very limited. Our proposed algorithm for SSID using packet crossover can effectively determine the length of a downstream connection chain without any pre-assumption about that length and without capturing and processing a large number of TCP packets, and it is therefore more efficient. Since the number of packet crossovers can be computed easily, the proposed detection method is easy to use and implement. The effectiveness, correctness and efficiency of the proposed algorithm are verified through well-designed network experiments.
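The abstract states that the number of packet crossovers is easy to compute and that it reflects the length of the downstream connection chain. The following is an added illustration, not the paper's own algorithm or code (the paper's exact crossover definition and decision rule are not on this page). It assumes the definition used in earlier crossover work: a crossover is counted when a new outbound Send packet appears while the Echo of an earlier Send is still outstanding, with Echoes matched to Sends first-in, first-out. The packet traces, keystroke timings and RTT values are constructed for the example.

```python
"""Counting packet crossovers in a synthetic interactive session.

Assumed definition (not taken from the paper): a crossover is counted when a
new outbound Send packet is observed while the Echo for an earlier Send has not
yet returned, i.e. the request/response pairs overlap in time.  Echoes are
matched to Sends first-in, first-out.  A longer downstream chain means a larger
RTT, so more Sends fall inside an open RTT window and the count rises.
"""
from collections import deque
from typing import Deque, List, Tuple

Packet = Tuple[float, str]  # (timestamp in seconds, "send" or "echo")


def count_crossovers(packets: List[Packet]) -> int:
    """Return how many Send packets were issued while an earlier Send was
    still waiting for its Echo.  Echoes are matched FIFO to outstanding Sends."""
    outstanding: Deque[float] = deque()
    crossovers = 0
    # Process in time order.  If a Send and an Echo share a timestamp, handle
    # the Echo first so the Send is not counted against a window that has just
    # closed (a conservative tie-break for a coarse capture clock).
    for ts, kind in sorted(packets, key=lambda p: (p[0], 0 if p[1] == "echo" else 1)):
        if kind == "send":
            if outstanding:
                crossovers += 1
            outstanding.append(ts)
        elif kind == "echo":
            if outstanding:
                outstanding.popleft()
            # An Echo with no outstanding Send (capture started mid-session)
            # is ignored rather than treated as an error.
        else:
            raise ValueError(f"unknown packet kind {kind!r}")
    return crossovers


def crossover_ratio(packets: List[Packet]) -> float:
    """Crossovers per Send packet, a size-independent feature for comparing
    sessions of different length."""
    sends = sum(1 for _, kind in packets if kind == "send")
    return count_crossovers(packets) / sends if sends else 0.0


def synthesize_trace(keystroke_times: List[float], rtt: float) -> List[Packet]:
    """Constructed sample trace: one Send per keystroke and one Echo per Send
    arriving exactly `rtt` seconds later.  Real captures carry jitter; this is
    only a model of how the count reacts to the downstream RTT."""
    sends: List[Packet] = [(t, "send") for t in keystroke_times]
    echoes: List[Packet] = [(t + rtt, "echo") for t in keystroke_times]
    return sends + echoes


# Constructed keystroke timing shared by both traces (seconds from session start)
KEYSTROKES = [0.00, 0.05, 0.30, 0.32, 0.60]
SHORT_CHAIN_RTT = 0.01   # assumed: victim one hop downstream
LONG_CHAIN_RTT = 0.10    # assumed: several stepping stones downstream

if __name__ == "__main__":
    for label, rtt in (("short chain", SHORT_CHAIN_RTT), ("long chain", LONG_CHAIN_RTT)):
        trace = synthesize_trace(KEYSTROKES, rtt)
        print(f"{label}: RTT={rtt:.2f}s crossovers={count_crossovers(trace)} "
              f"ratio={crossover_ratio(trace):.2f}")
```

With identical keystroke timing, the short-chain trace yields no crossovers while the long-chain trace yields two, which is the direction of the effect the abstract relies on. In a real deployment the Send/Echo labels come from packet direction on the monitored SSH connection, and the threshold that maps a crossover count to a chain-length decision has to be calibrated on the sensor's own traffic, which is the part this illustration does not attempt.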
Acknowledgment
This work of Drs. Lixin Wang and Jianhua Yang is supported by the National Security Agency NCAE-C Research Grant (H98230-20-1-0293) with Columbus State University, Georgia, USA.
© 2023 Springer Nature Switzerland AG
About this paper
Cite this paper
Wang, L., Yang, J., Lee, A. (2023). An Effective Approach for Stepping-Stone Intrusion Detection Using Packet Crossover. In: You, I., Youn, TY. (eds) Information Security Applications. WISA 2022. Lecture Notes in Computer Science, vol 13720. Springer, Cham. https://doi.org/10.1007/978-3-031-25659-2_6
DOI: https://doi.org/10.1007/978-3-031-25659-2_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-25658-5
Online ISBN: 978-3-031-25659-2
eBook Packages: Computer Science; Computer Science (R0)