@inproceedings{3c19ef5e91e04209a1758dee2204718c,
title = "A signal processing perspective to stepping-stone detection",
abstract = "Malicious use of anonymity techniques makes network attackers difficult to track. The problem is even worse in stepping-stone attacks, where multiple anonymous connections are linked to form an intrusion path. The tracking of a steppingstone attacker requires the detection of all the connection pairs on the intrusion path. In this paper, we consider the problem of identifying a stepping-stone connection pair at an intermediate host. We formulate the problem as one of nonparametric hypotheses testing. Our attacker model allows the attacker to encrypt the traffic and modify the timing. We propose two algorithms which do not depend on the content of the traffic. Our techniques only make generic assumptions such as delay or memory constraints, and therefore they are applicable in most practical systems. We show that our algorithms can detect all the stepping-stone connections while falsely accusing normal traffic with exponentially-decaying probabilities.",
author = "Ting He and Lang Tong",
year = "2006",
month = jan,
day = "1",
doi = "10.1109/CISS.2006.286555",
language = "English (US)",
isbn = "1424403502",
series = "2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "687--692",
booktitle = "2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings",
address = "United States",
note = "2006 40th Annual Conference on Information Sciences and Systems, CISS 2006 ; Conference date: 22-03-2006 Through 24-03-2006",
}