You are not logged in.

Detecting stepping stones by abnormal causality probability

Wen, Sheng, Wu, Di, Li, Ping, Xiang, Yang, Zhou, Wanlei and Wei, Guiyi 2015, Detecting stepping stones by abnormal causality probability, Security and communication networks, vol. 8, no. 10, pp. 1831-1844, doi: 10.1002/sec.1037.

Attached Files
Name Description MIMEType Size Downloads

Title Detecting stepping stones by abnormal causality probability
Author(s) Wen, Sheng
Wu, Di
Li, Ping
Xiang, YangORCID iD for Xiang, Yang orcid.org/0000-0001-5252-0831
Zhou, WanleiORCID iD for Zhou, Wanlei orcid.org/0000-0002-1680-2521
Wei, Guiyi
Journal name Security and communication networks
Volume number 8
Issue number 10
Start page 1831
End page 1844
Total pages 14
Publisher Wiley
Place of publication London, Eng.
Publication date 2015-07
ISSN 1939-0114
1939-0122
Keyword(s) Science & Technology
Technology
Computer Science, Information Systems
Telecommunications
Computer Science
intrusion detection
causality probability
stepping stones
Summary Locating the real source of the Internet attacks has long been an important but difficult problem to be addressed. In the real world, attackers can easily hide their identities and evade punishment by relaying their attacks through a series of compromised systems or devices called stepping stones. Currently, researchers mainly use similar features from the network traffic, such as packet timestamps and frequencies, to detect stepping stones. However, these features can be easily destroyed by attackers using evasive techniques. In addition, it is also difficult to implement an appropriate threshold of similarity that can help justify the stepping stones. In order to counter these problems, in this paper, we introduce the consistent causality probability to detect the stepping stones. We formulate the ranges of abnormal causality probabilities according to the different network conditions, and on the basis of it, we further implement to self-adaptive methods to capture stepping stones. To evaluate our proposed detection methods, we adopt theoretic analysis and empirical studies, which demonstrate accuracy of the abnormal causality probability. Moreover, we compare our proposed methods with previous works. The result shows that our methods in this paper significantly outperform previous works in the accuracy of detection malicious stepping stones, even when evasive techniques are adopted by attackers.
Language eng
DOI 10.1002/sec.1037
Field of Research 0802 Computation Theory And Mathematics
0805 Distributed Computing
0899 Other Information And Computing Sciences
080303 Computer System Security
Socio Economic Objective 890205 Information Processing Services (incl. Data Entry and Capture)
HERDC Research category C1 Refereed article in a scholarly journal
ERA Research output type C Journal article
Copyright notice ©2015, Wiley
Persistent URL http://hdl.handle.net/10536/DRO/DU:30077749

Document type: Journal Article
Collection: School of Information Technology
Connect to link resolver
 
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Versions
Version Filter Type
Citation counts: TR Web of Science Citation Count  Cited 0 times in TR Web of Science
Scopus Citation Count Cited 0 times in Scopus
Google Scholar Search Google Scholar
Access Statistics: 166 Abstract Views, 2 File Downloads  -  Detailed Statistics
Created: Fri, 18 Mar 2016, 15:51:38 EST

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.