Detecting Stepping Stones
Abstract
One widely-used technique by which network attackers attain anonymity and complicate their apprehension is by employing stepping stones: they launch attacks not from their own computer but from intermediary hosts that they previously compromised. We develop an efficient algorithm for detecting stepping stones by monitoring a site’s Internet access link. The algorithm is based on the distinctive characteristics (packet size, timing) of interactive traffic, and not on connection contents, and hence can be used to find stepping stones even when the traffic is encrypted. We evaluate the algorithm on large Internet access traces and find that it performs quite well. However, the success of the algorithm is tempered by the discovery that large sites have many users who routinely traverse stepping stones for a variety of legitimate reasons. Hence, stepping-stone detection also requires a significant policy component for separating allowable stepping-stone pairs from surreptitious access.
Similar resources
Public Information Server for Tracing Intruders in the Internet
The number of computer break-ins from the outside of an organization has increased with the rapid growth of the Internet. Since many intruders from the outside of an organization employ stepping stones, it is difficult to trace back where the real origin of the attack is. Some research projects have proposed tracing methods for DoS attacks and detecting method of stepping stones. It is still di...
Design Issues in Stepping Stone Detection
In the rapid changing inter-connected environment, cyber criminals are opting sophisticated tools to hide their identities and locations. Stepping stones are now popular among the miscreants and making the situations worse. The paper details the role of stepping stones in hiding the cyber criminals and highlights it as challenge to differentiate the stepping stones from legitimate computers in ...
The loop fallacy and deterministic serialisation in tracing intrusion connections through stepping stones
In order to conceal their identity and origin, network based intruders seldom attack directly from their own hosts, but rather stage their attacks through intermediate ‘stepping stones’. To identify attackers behind stepping stones, it is necessary to be able to trace and correlate attack traffic through the stepping stones and construct the correct intrusion connection chain. A complete soluti...
Matching Connection Pairs
When an intruder launches attack not from their own computer but from intermediate hosts that they previously compromised, these intermediate hosts are called stepping-stones. In this paper, we describe an algorithm to be able to detect stepping-stones in detoured attacks. Our aim is to develop an algorithm that can trace an origin system which attacks a victim system via stepping-stones. There...
Inter-Packet Delay Based Correlation for Tracing Encrypted Connections through Stepping Stones
Network based intrusions have become a serious threat to the users of the Internet. Intruders who wish to attack computers attached to the Internet frequently conceal their identity by staging their attacks through intermediate “stepping stones”. This makes tracing the source of the attack substantially more difficult, particularly if the attack traffic is encrypted. In this paper, we address t...
Publication date: 2000