File(s) under permanent embargo

A quick-response real-time stepping stone detection scheme

conference contribution
posted on 2010-01-01, 00:00 authored by Ping Li, Wanlei Zhou, Y Yu
Stepping stone attacks are often used by network intruders to hide their identities. To detect and block stepping stone attacks, a stepping stone detection scheme should be able to correctly identify a stepping-stone in a very short time and in real-time. However, the majority of past research has failed to indicate how long or how many packets it takes for the monitor to detect a stepping stone. In this paper, we propose a novel quick-response real-time stepping stones detection scheme which is based on packet delay properties. Our experiments show that it can identify a stepping stone within 20 seconds which includes false positives and false negatives of less than 3%.

History

Event

IEEE International Conference on High Performance Computing and Communications (12th : 2010 : Melbourne, Vic.)

Pagination

677 - 682

Publisher

IEEE

Location

Melbourne, Vic.

Place of publication

Piscataway, N.J.

Start date

2010-09-01

End date

2010-09-03

ISBN-13

9780769542140

ISBN-10

076954214X

Language

eng

Notes

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

Publication classification

E1 Full written paper - refereed

Copyright notice

2010, IEEE

Title of proceedings

HPCC 2010 : Proceedings of the 12th IEEE International Conference on High Performance Computing and Communications

Usage metrics

Categories

Keywords

Exports