Characterizing and Estimating Network Fluctuation for Detecting Interactive Stepping-Stone Intrusion

J.H. Yang and S.-H.S. Huang (USA)


Security, Steppingstone, Intrusion Detection, Network Fluctuation, Standard Deviation


We propose a fluctuation-based algorithm to detect interactive stepping-stone intrusion. It estimates the length of a connection chain by computing the ratio between the standard deviation of the send-acknowledgement round-trip time for the first downstream connection and that of the send-echo round-trip time of the whole connection chain. Experimental results on the Internet showed that this ratio can be used, to a certain degree, to determine whether there is a stepping-stone intrusion. Compared with previous approaches, this algorithm can handle the step aggregation problem and the biased yardstick problem to some degree; its results are more monotonic; and it is easy to implement and efficient to execute.
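The ratio described in the abstract can be computed from a packet trace as in the following added example, which is not the authors' code. The event format, the matching of replies by sequence id, the use of the sample standard deviation and the order of the ratio (send-ack over send-echo) are assumptions; no decision threshold is applied because the abstract gives none.

```python
from statistics import stdev

# Constructed trace (not from the paper): (time in seconds, kind, sequence id)
# as observed on the monitored host's first downstream connection.
TRACE = [
    (0.000, "send", 1), (0.010, "ack", 1), (0.040, "echo", 1),
    (1.000, "send", 2), (1.012, "ack", 2), (1.048, "echo", 2),
    (2.000, "send", 3), (2.010, "ack", 3), (2.040, "echo", 3),
    (3.000, "send", 4), (3.012, "ack", 4), (3.048, "echo", 4),
    (4.000, "send", 5), (4.011, "ack", 5),  # echo for this send never seen
]


def round_trip_times(events, reply_kind):
    """Match each send to the first later reply of reply_kind with the same id."""
    sent, rtts = {}, []
    for t, kind, seq in sorted(events):
        if kind == "send":
            sent.setdefault(seq, t)          # keep the first transmission time
        elif kind == reply_kind and seq in sent:
            rtts.append(t - sent.pop(seq))   # pop so duplicate replies are ignored
    return rtts


def fluctuation_ratio(events):
    """Std. dev. of send-ack RTT divided by std. dev. of send-echo RTT."""
    ack = round_trip_times(events, "ack")    # first downstream connection only
    echo = round_trip_times(events, "echo")  # whole connection chain
    if len(ack) < 2 or len(echo) < 2:
        raise ValueError("need at least two matched samples of each kind")
    sigma_ack, sigma_echo = stdev(ack), stdev(echo)
    if sigma_echo == 0:
        raise ValueError("send-echo RTT shows no fluctuation")
    return sigma_ack / sigma_echo


if __name__ == "__main__":
    print(f"fluctuation ratio: {fluctuation_ratio(TRACE):.3f}")
```

Sends whose reply is missing are dropped from that RTT series only, so a lost echo does not discard the matching send-ack sample.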

