Detecting Stepping-Stone Intruders with Long Connection Chains
It is generally agreed that there is no valid reason to use a long connection chain for remote login such as an SSH connection. Most of the stepping-stone detection algorithms installed on a host were designed to protect the victim of a third party downstream from where the algorithm is running. It is much more important for a host to protect itself from being a victim. This project uses an approximated round-trip time to distinguish a long connection chain from a short one. Several measures were studied to distinguish long chains from short ones. An estimated round-trip time was defined to measure the chain length. Preliminary results show that the proposed algorithm can distinguish long connection chains from short ones with a relatively low false rate.
Intrusion Detection Stepping-Stone Security Connection Chain
Wei Ding, Matthew J. Hausknecht, Shou-Hsuan Stephen Huang, Zach Riggle
Department of Computer Science, University of Houston, Houston, TX, USA; Department of Computer Science, Emory University, Atlanta, GA, USA; Department of Computer Science, Michigan State University, East Lansing, MI, USA
International conference
The Fifth International Conference on Information Assurance and Security
Xi'an
English
665-669
2009-08-18 (date first posted online on the Wanfang platform; does not represent the paper's publication date)