A research survey in stepping-stone intrusion detection

Stepping Stone Detection Analysis

Modeling and Detecting Stepping-Stone Intrusion

Most network intruders launch their attacks through steppingstones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an incoming connection with an outgoing connection to determine if a computer is used as stepping-stone. In this paper, we present four models to describe stepping-stone intrusion. We also propose the i...

Research in Intrusion-Detection Systems: A Survey

Design Issues in Stepping Stone Detection

In the rapid changing inter-connected environment, cyber criminals are opting sophisticated tools to hide their identities and locations. Stepping stones are now popular among the miscreants and making the situations worse. The paper details the role of stepping stones in hiding the cyber criminals and highlights it as challenge to differentiate the stepping stones from legitimate computers in ...

Matching TCP/IP Packets to Detect Stepping-Stone Intrusion

We propose a “Step-Function” method to detect network attackers from using a long connection chain to hide their identities when they launch attacks. The objective of the method is to estimate the length of a connection chain based on the changes in packet round trip times. The key point to compute the round trip time of a connection chain is to match a Send and its corresponding Echo packet. W...