A Clustering-Partitioning Algorithm to Find TCP Packet Round-Trip Time for Intrusion Detection

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Jianhua Yang Articles by Shou-Hsuan Stephen Huang Articles by Ming D. Wan

20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06)

Vienna, Austria

April 18-April 20

ISBN: 0-7695-2466-4

	ASCII Text	x
	Jianhua Yang, Shou-Hsuan Stephen Huang, Ming D. Wan, "A Clustering-Partitioning Algorithm to Find TCP Packet Round-Trip Time for Intrusion Detection," Advanced Information Networking and Applications, International Conference on, vol. 1, pp. 231-236, 20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06), 2006.

	BibTex	x
	@article{ 10.1109/AINA.2006.13, author = {Jianhua Yang and Shou-Hsuan Stephen Huang and Ming D. Wan}, title = {A Clustering-Partitioning Algorithm to Find TCP Packet Round-Trip Time for Intrusion Detection}, journal ={Advanced Information Networking and Applications, International Conference on}, volume = {1}, year = {2006}, issn = {1550-445X}, pages = {231-236}, doi = {http://doi.ieeecomputersociety.org/10.1109/AINA.2006.13}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Advanced Information Networking and Applications, International Conference on TI - A Clustering-Partitioning Algorithm to Find TCP Packet Round-Trip Time for Intrusion Detection SN - 1550-445X SP231 EP236 A1 - Jianhua Yang, A1 - Shou-Hsuan Stephen Huang, A1 - Ming D. Wan, PY - 2006 KW - Network security KW - intrusion detection KW - round-trip time KW - stepping-stone KW - clustering KW - partitioning VL - 1 JA - Advanced Information Networking and Applications, International Conference on ER -

Jianhua Yang, University of Houston

Shou-Hsuan Stephen Huang, University of Houston

Ming D. Wan, University of Houston

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/AINA.2006.13

An effective approach for detecting stepping-stone intrusion is to estimate the number of hosts compromised through estimating the length of a connection chain. This can be done by studying the changes in TCP packet roundtrip time. In this paper, we propose a new algorithm by using maximum-minimum distance clustering and partitioning method to find the round-trip time from the timestamps of TCP send and echo packets. Previous algorithms produce either good results on very few packets, or poor results on many packets. This method gives us better round-trip time and more packets than other algorithms proposed in the past.

Index Terms:

Network security, intrusion detection, round-trip time, stepping-stone, clustering, partitioning

Citation:

Jianhua Yang, Shou-Hsuan Stephen Huang, Ming D. Wan, "A Clustering-Partitioning Algorithm to Find TCP Packet Round-Trip Time for Intrusion Detection," aina, vol. 1, pp.231-236, 20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.