Active Timing-Based Correlation of Perturbed Traffic Flows with Chaff Packets

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Pai Peng Articles by Peng Ning Articles by Douglas S. Reeves Articles by Xinyuan Wang

Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05)

Columbus, Ohio, USA

June 06-June 10

ISBN: 0-7695-2328-5

	ASCII Text	x
	Pai Peng, Peng Ning, Douglas S. Reeves, Xinyuan Wang, "Active Timing-Based Correlation of Perturbed Traffic Flows with Chaff Packets," Distributed Computing Systems Workshops, International Conference on, vol. 2, pp. 107-113, Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05), 2005.

	BibTex	x
	@article{ 10.1109/ICDCSW.2005.30, author = {Pai Peng and Peng Ning and Douglas S. Reeves and Xinyuan Wang}, title = {Active Timing-Based Correlation of Perturbed Traffic Flows with Chaff Packets}, journal ={Distributed Computing Systems Workshops, International Conference on}, volume = {2}, year = {2005}, issn = {1545-0678}, pages = {107-113}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICDCSW.2005.30}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Distributed Computing Systems Workshops, International Conference on TI - Active Timing-Based Correlation of Perturbed Traffic Flows with Chaff Packets SN - 1545-0678 SP107 EP113 A1 - Pai Peng, A1 - Peng Ning, A1 - Douglas S. Reeves, A1 - Xinyuan Wang, PY - 2005 KW - null VL - 2 JA - Distributed Computing Systems Workshops, International Conference on ER -

Pai Peng, North Carolina State University

Peng Ning, North Carolina State University

Douglas S. Reeves, North Carolina State University

Xinyuan Wang, George Mason University

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICDCSW.2005.30

Network intruders usually launch their attacks through a chain of intermediate stepping stone hosts in order to hide their identities. Detecting such stepping stone attacks is difficult because packet encryption, timing perturbations, and meaningless chaff packets can all be utilized by attackers to evade from detection. In this paper, we propose a method based on packet matching and timing-based active watermarking that can successfully correlate interactive stepping stone connections even if there are chaff packets and limited timing perturbations. We provide several algorithms that have different trade-offs among detection rate, false positive rate and computation cost. Our experimental evaluation with both real world and synthetic data indicates that by integrating packet matching and active watermarking, our approach has overall better performance than existing schemes.

Citation:

Pai Peng, Peng Ning, Douglas S. Reeves, Xinyuan Wang, "Active Timing-Based Correlation of Perturbed Traffic Flows with Chaff Packets," icdcsw, vol. 2, pp.107-113, Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.