Stepping-stone detection technique for recognizing legitimate and attack connections

A stepping-stone connection has always been assumed as an intrusion since the first research on stepping-stone connections twenty years ago. However, not all stepping-stone connections are malicious.This paper proposes an enhanced stepping-stone detection (SSD) technique which is capable to identify legitimate connections from stepping-stone connections.Stepping-stone connections are identified from raw network traffics using timing-based SSD approach.Then, they go through an anomaly detection technique to differentiate between legitimate and attack connections.This technique has a promising solution to accurately detecting intrusions from stepping-stone connections.It will prevent incorrect responses that punish legitimate users

A quick-response real-time stepping stone detection scheme

Stepping stone attacks are often used by network intruders to hide their identities. To detect and block stepping stone attacks, a stepping stone detection scheme should be able to correctly identify a stepping-stone in a very short time and in real-time. However, the majority of past research has failed to indicate how long or how many packets it takes for the monitor to detect a stepping stone. In this paper, we propose a novel quick-response real-time stepping stones detection scheme which is based on packet delay properties. Our experiments show that it can identify a stepping stone within 20 seconds which includes false positives and false negatives of less than 3%

Getting the real-time precise round-trip time for stepping stone detection

Stepping stone attacks are often used by network intruders to hide their identities. The Round Trip Times (RTT) between the send packets and corresponding echo packets for the connection chains of stepping stones are critical for detecting such attacks. In this paper, we propose a novel real-time RTT getting algorithm for stepping stones which is based on the estimation of the current RTT value. Our experiments show that it is far more precise than the previous real-time RTT getting algorithms. We also present the probability analysis which shows that our algorithm has a high matching rate and a high accurate rate

Intelligent Network-Based Stepping Stone Detection Approach.

This research intends to introduce a new usage of Artificial Intelligent (AI) approaches in Stepping Stone Detection (SSD) fields of research

Sophisticated denial-of-service attack detections through integrated architectural, OS, and appplication level events monitoring

As the first step to defend against DoS attacks, Network-based Intrusion Detection System is well explored and widely used in both commercial tools and research works. Such IDS framework is built upon features extracted from the network traffic, which are application-level features, and is effective in detecting flooding-based DoS attacks. However, in a sophisticated DoS attack, where an attacker manages to bypass the network-based monitors and launch a DoS attack locally, sniffer-based methods have difficulty in differentiating attacks with normal behaviors, since the malicious connection itself behaves in the same manner of normal connections. In this work, we study a Host-based IDS framework which integrates features from architectural and operating system (OS) levels to improve performance of sophisticated DoS intrusion detection. Network traffic collected from a campus network, and real-world exploits are used to provide a realistic evaluation

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Evolution of stepping stone detection and emerging applications

Stepping Stone Detection (SSD) is conventionally intended for the detection of series of host computers used by attackers to hide their track in a network or host environment.This paper discusses the evolution of SSD and potential applications in other emerging fields. Novel, unique SSD models will be presented for spam, backdoor and proxy detections and expressed mathematically. These preliminary models have promising solutions for addressing current problems in these areas and may be expanded on in the future