By Topic

Hybrid stepping stone detection method

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Mohd Nizam Omar ; College of Arts and Sciences, Department of Information Technology, Universiti Utara Malaysia, Kedah, MALAYSIA 06010 ; Lelyzar Siregar ; Rahmat Budiarto

Stepping stone detection can be defined as a process to discover an intermediate host correlation that used by intruder. Most of the intruders cover their track by login into intermediate host first before execute the real attack. This intermediate hosts here known as stepping stone. This paper introduces a hybrid stepping stone detection method which combines the network-based and host-based stepping stone method. By taking the special capabilities of each method, solid stepping stone detection architecture has been produced. A great explanation regarding to the architecture has been done, together with the details of each chosen approach as to develop the overall hybrid stepping stone detection method. The study shows that by applying the hybrid concept in stepping stone detection, benefits can be gained from the less number of false positive and false negative rates, robust against active perturbation and the overall stepping stone methods becomes more precise.

Published in:

Distributed Framework and Applications, 2008. DFmA 2008. First International Conference on

Date of Conference:

21-22 Oct. 2008