A signal processing perspective to stepping-stone detection

Ting He, Lang Tong

Research output: Chapter in Book/Report/Conference proceedingConference contribution

20 Scopus citations

Abstract

Malicious use of anonymity techniques makes network attackers difficult to track. The problem is even worse in stepping-stone attacks, where multiple anonymous connections are linked to form an intrusion path. The tracking of a steppingstone attacker requires the detection of all the connection pairs on the intrusion path. In this paper, we consider the problem of identifying a stepping-stone connection pair at an intermediate host. We formulate the problem as one of nonparametric hypotheses testing. Our attacker model allows the attacker to encrypt the traffic and modify the timing. We propose two algorithms which do not depend on the content of the traffic. Our techniques only make generic assumptions such as delay or memory constraints, and therefore they are applicable in most practical systems. We show that our algorithms can detect all the stepping-stone connections while falsely accusing normal traffic with exponentially-decaying probabilities.

Original languageEnglish (US)
Title of host publication2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages687-692
Number of pages6
ISBN (Print)1424403502, 9781424403509
DOIs
StatePublished - Jan 1 2006
Event2006 40th Annual Conference on Information Sciences and Systems, CISS 2006 - Princeton, NJ, United States
Duration: Mar 22 2006Mar 24 2006

Publication series

Name2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings

Other

Other2006 40th Annual Conference on Information Sciences and Systems, CISS 2006
Country/TerritoryUnited States
CityPrinceton, NJ
Period3/22/063/24/06

All Science Journal Classification (ASJC) codes

  • General Computer Science

Cite this