TY - GEN
T1 - A quick-response real-time stepping stone detection scheme
AU - Li, Ping
AU - Zhou, Wanlei
AU - Yu, Yanli
PY - 2010
Y1 - 2010
N2 - Stepping stone attacks are often used by network intruders to hide their identities. To detect and block stepping stone attacks, a stepping stone detection scheme should be able to correctly identify a stepping-stone in a very short time and in real-time. However, the majority of past research has failed to indicate how long or how many packets it takes for the monitor to detect a stepping stone. In this paper, we propose a novel quick-response real-time stepping stones detection scheme which is based on packet delay properties. Our experiments show that it can identify a stepping stone within 20 seconds which includes false positives and false negatives of less than 3%.
AB - Stepping stone attacks are often used by network intruders to hide their identities. To detect and block stepping stone attacks, a stepping stone detection scheme should be able to correctly identify a stepping-stone in a very short time and in real-time. However, the majority of past research has failed to indicate how long or how many packets it takes for the monitor to detect a stepping stone. In this paper, we propose a novel quick-response real-time stepping stones detection scheme which is based on packet delay properties. Our experiments show that it can identify a stepping stone within 20 seconds which includes false positives and false negatives of less than 3%.
UR - http://www.scopus.com/inward/record.url?scp=78149327962&partnerID=8YFLogxK
U2 - 10.1109/HPCC.2010.17
DO - 10.1109/HPCC.2010.17
M3 - Conference contribution
AN - SCOPUS:78149327962
SN - 9780769542140
T3 - Proceedings - 2010 12th IEEE International Conference on High Performance Computing and Communications, HPCC 2010
SP - 677
EP - 682
BT - Proceedings - 2010 12th IEEE International Conference on High Performance Computing and Communications, HPCC 2010
T2 - 2010 12th IEEE International Conference on High Performance Computing and Communications, HPCC 2010
Y2 - 1 September 2010 through 3 September 2010
ER -