Skip to Main Content
Most network intruders tend to use stepping-stones to attack or invade other hosts to reduce the risks of being discovered. There have been many approaches proposed to detect stepping-stone since 1995. Among them, the most popular one is the method proposed by Blum, which detects stepping-stone by checking whether the difference between the number of the send packets of an incoming connection and that of an outgoing connection is bounded. One disadvantage of this method lies in the weakness in resisting to intruders' evasion, such as chaff perturbation. In this paper, we analyze the resistance of packet matching approach to intruders' evasion. The theoretical analysis shows that packet matching method is more effective than other approaches in terms of resistance to intruders' chaff perturbation and time jittering evasion.