We are currently experiencing intermittent issues impacting performance. We apologize for the inconvenience.
By Topic

Matching TCP/IP Packets to Resist Stepping-Stone Intruders' Evasion

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Long Ni ; North Carolina A & T State Univ., Greensboro ; Jianhua Yang ; Ran Zhang ; Song, D.Y.

Most network intruders tend to use stepping-stones to attack or invade other hosts to reduce the risks of being discovered. There have been many approaches proposed to detect stepping-stone since 1995. Among them, the most popular one is the method proposed by Blum, which detects stepping-stone by checking whether the difference between the number of the send packets of an incoming connection and that of an outgoing connection is bounded. One disadvantage of this method lies in the weakness in resisting to intruders' evasion, such as chaff perturbation. In this paper, we analyze the resistance of packet matching approach to intruders' evasion. The theoretical analysis shows that packet matching method is more effective than other approaches in terms of resistance to intruders' chaff perturbation and time jittering evasion.

Published in:

System Theory, 2008. SSST 2008. 40th Southeastern Symposium on

Date of Conference:

16-18 March 2008