By Topic

Detecting Intruders Using a Long Connection Chain to Connect to a Host

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Wei Ding ; Dept. of Comput. Sci., Univ. of Houston, Houston, TX, USA ; Huang, S.-H.S.

A common technique hackers use to break into a computer host is to route their traffic through a chain of stepping-stone hosts. There is no valid reason to use a long connection chain for remote login such as SSH connections. One way to protect a host of being attacked is to identify long connection chains connecting into the host. This paper proposes a novel method to identify long connection chains from short chains using a pre-computed short chain profile. Each new connection will be compared to the profile. Any connection that differs significantly from the profile will be considered as a suspicious long connection. Several methods are used to adjust with user's different typing speed. Validation results show that more than 80% long chains can be correctly detected for chains of length 4 or higher.

Published in:

Advanced Information Networking and Applications (AINA), 2011 IEEE International Conference on

Date of Conference:

22-25 March 2011