Stepping-stone detection technique for recognizing legitimate and attack connections

A stepping-stone connection has always been assumed as an intrusion since the first research on stepping-stone connections twenty years ago. However, not all stepping-stone connections are malicious.This paper proposes an enhanced stepping-stone detection (SSD) technique which is capable to identify legitimate connections from stepping-stone connections.Stepping-stone connections are identified from raw network traffics using timing-based SSD approach.Then, they go through an anomaly detection technique to differentiate between legitimate and attack connections.This technique has a promising solution to accurately detecting intrusions from stepping-stone connections.It will prevent incorrect responses that punish legitimate users

Backdoor attack detection based on stepping stone detection approach

Network intruders usually use a series of hosts (stepping stones) to conceal the tracks of their intrusion in the network. This type of intrusion can be detected through an approach called Stepping Stone Detection (SSD). In the past years, SSD was confined to the detection of only this type of intrusion. In this dissertation, we consider the use of SSD concepts in the field of backdoor attack detection. The application of SSD in this field results in many advantages. First, the use of SSD makes the backdoor attack detection and the scan process time faster. Second, this technique detects all types of backdoor attack, both known and unknown, even if the backdoor attack is encrypted. Third, this technique reduces the large storage resources used by traditional antivirus tools in detecting backdoor attacks. This study contributes to the field by extending the application of SSD-based techniques, which are usually used in SSD-based environments only, into backdoor attack detection environments. Through an experiment, the accuracy of SSD-based backdoor attack detection is shown as very high

Solving time gap problems through the optimization of detecting stepping stone algorithm

This paper describes an analysis of detecting stepping stone algorithm to defeat the time gap problem. It is found that current algorithm of detecting stepping stone is not optimized. Several weaknesses are identified and suggestions are proposed to overcome this problem. The suggestions are applied in the improved algorithm. Since the detecting stepping stone is listed as one of the response technique, it is suggested that the improved algorithm should be used as a remedial to the time gap problem

Visualization for network forensic analyses: extending the Forensic Log Investigator (FLI)

In a network attack investigation, the mountain of information collected from varying sources can be daunting. Investigators face significant challenges in being able to correlate findings from these sources, given difficulties with time synchronization. In addition, it is difficult to obtain summary or overview information for one set of data, much less the entire case. This, in turn, makes it nearly impossible to accurately identify missing information.;Identifying these information gaps is one problem, yet another is filling them in. Investigators must rely on legal processes and requests to obtain the information they need. However, it is extremely important they are aware of cases or events that cross jurisdictional boundaries. Where tools exist to assist in evidence overview, they do not contain the necessary geographic information for investigators to quickly ascertain the location of those involved.;In addition to these difficulties, investigators need to perform several types of analysis on the evidence that has been collected. Several of these analyses cannot typically be performed on data from multiple log files, since they are based on timing data. Furthermore, it is difficult to understand results from these analyses without visual representation, and there are no tools to bring them together in a single frame.;This thesis details the design and implementation of an analysis and visualization extension for the Forensic Log Investigator, or FLI. FLI is a web-based analysis and visualization architecture built on advanced technologies and enterprise infrastructure. This extension assists investigators by providing the ability to correlate evidence and analysis across traditional log file and analysis method boundaries, identify information gaps, and perform analysis in accordance with published evidence handling guidelines

Abstracts 2018: Highlights of Student Research and Creative Endeavors

What follows is a collection of abstracts summarizing the scholarship conducted by undergraduates at Columbus State University during the 2017-2018 academic year. These projects highlight undergraduates research in a variety of disciplines, ranging from literary analysis to laboratory-based sciences. The abstracts represent many ongoing projects on our campus and catalog those that have been published or presented. This volume begins with projects that have been selected for presentations at national, regional and statewide disciplinary conferences. Among them are several that have garnered awards for outstanding undergraduate scholarship. Projects that have received competitive research grants, including our campus Student Research and Creative Endeavor (SRACE) Grants, are also featured. Many undergraduates have presented their work to our local community, either through the dissemination of best practices in nursing to regional hospitals, colloquium presentations of lecture-recitals at the RiverCenter for the Performing Arts, or at Columbus State University\u27s Tower Day held in April 2018. Together these abstracts demonstrate the commitment of our faculty to engage students in their disciplines and represent outstanding mentorship that occurs on and off our campus throughout the year. Our students have amassed an impressive collection of projects that contributes to both academia and our local community, and these abstracts will hopefully inspire others to delve into scientific and creative inquiry.https://csuepress.columbusstate.edu/abstracts/1012/thumbnail.jp

Scalable Wavelet-Based Active Network Stepping Stone Detection

Network intrusions leverage vulnerable hosts as stepping stones to penetrate deeper into a network and mask malicious actions from detection. This research focuses on a novel active watermark technique using Discrete Wavelet Transformations to mark and detect interactive network sessions. This technique is scalable, nearly invisible and resilient to multi-flow attacks. The watermark is simulated using extracted timestamps from the CAIDA 2009 dataset and replicated in a live environment. The simulation results demonstrate that the technique accurately detects the presence of a watermark at a 5% False Positive and False Negative rate for both the extracted timestamps as well as the empirical tcplib distribution. The watermark extraction accuracy is approximately 92%. The live experiment is implemented using the Amazon Elastic Compute Cloud. The client system sends marked and unmarked packets from California to Virginia using stepping stones in Tokyo, Ireland and Oregon. Five trials are conducted using simultaneous watermarked and unmarked samples. The live results are similar to the simulation and provide evidence demonstrating the effectiveness in a live environment to identify stepping stones

Exploratory study to explore the role of ICT in the process of knowledge management in an Indian business environment

In the 21st century and the emergence of a digital economy, knowledge and the knowledge base economy are rapidly growing. To effectively be able to understand the processes involved in the creating, managing and sharing of knowledge management in the business environment is critical to the success of an organization. This study builds on the previous research of the authors on the enablers of knowledge management by identifying the relationship between the enablers of knowledge management and the role played by information communication technologies (ICT) and ICT infrastructure in a business setting. This paper provides the findings of a survey collected from the four major Indian cities (Chennai, Coimbatore, Madurai and Villupuram) regarding their views and opinions about the enablers of knowledge management in business setting. A total of 80 organizations participated in the study with 100 participants in each city. The results show that ICT and ICT infrastructure can play a critical role in the creating, managing and sharing of knowledge in an Indian business environment