
2023 | OriginalPaper | Chapter

An Effective Approach for Stepping-Stone Intrusion Detection Using Packet Crossover

Authors: Lixin Wang, Jianhua Yang, Austin Lee

Published in: Information Security Applications

Publisher: Springer Nature Switzerland


Abstract

An effective approach for stepping-stone intrusion detection (SSID) is to estimate the length of a connection chain, which is referred to as the network-based detection approach. In this paper, we propose an effective network-based approach for SSID using packet crossover. Existing network-based approaches for SSID are either not effective or not efficient, as they require a large number of TCP packets to be captured and processed. Some other existing network-based approaches for SSID do not work effectively when the fluctuation of the packets' RTTs is large, and they require the length of a connection chain to be pre-determined; these existing detection methods therefore have very limited performance. Our proposed algorithm for SSID using packet crossover can effectively determine the length of a downstream connection chain without any prior assumption about the length of the connection chain and without requiring a large number of TCP packets to be captured and processed, and thus our proposed SSID algorithm is more efficient. Since the number of packet crossovers can be easily calculated, our proposed detection method is easy to use and implement. The effectiveness, correctness and efficiency of our proposed algorithm for SSID are verified through well-designed network experiments.


Metadata

Title: An Effective Approach for Stepping-Stone Intrusion Detection Using Packet Crossover
Authors: Lixin Wang, Jianhua Yang, Austin Lee
Copyright Year: 2023
DOI: https://doi.org/10.1007/978-3-031-25659-2_6
