Skip to Main Content
Most network intruders launch their attacks through stepping-stones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an incoming connection with an outgoing connection to determine if a computer is used as stepping-stone. In this paper, we present four models to describe stepping-stone intrusion. We also propose the idea applying signal processing technology to stepping-stone intrusion detection. We present the preliminary results of applying correlation coefficients to detecting stepping-stone intrusion. The contribution of this paper is that we are the first to apply correlation coefficient to stepping-stone detection, and more importantly, it does not have to monitor a session for a long time to conclude if there is a stepping-stone intrusion. Applying DFT and Z-transform to stepping-stone detection is under way.