Performance, Computing, and Communications Conference, 2002. 21st IEEE International (2006)
Phoenix, AZ, USA
Apr. 10, 2006 to Apr. 12, 2006
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/.2006.1629414
L. Zhang , Dept. of Electr.&Comput. Eng., Iowa State Univ., Ames, IA, USA
A.G. Persaud , Dept. of Electr.&Comput. Eng., Iowa State Univ., Ames, IA, USA
A. Johnson , Dept. of Electr.&Comput. Eng., Iowa State Univ., Ames, IA, USA
Y. Guan , Dept. of Electr.&Comput. Eng., Iowa State Univ., Ames, IA, USA
Network based attackers often relay attacks through intermediary hosts (i.e., stepping stones) to evade detection. In addition, attackers make detection more difficult by encrypting attack traffic and introducing delay and chaff perturbations into stepping stone connections. Several approaches have been proposed to detect stepping stone attacks. However, none of them performs effectively when delay and chaff perturbations exist simultaneously. In this paper, we propose and analyze algorithms which represent that attackers cannot always evade detection only by adding limited delay and independent chaff perturbations. We provide the upper bounds on the number of packets needed to confidently detect stepping stone connections from non-stepping stone connections with any given probability of false attribution. We compare our algorithms with previous ones and the experimental results show that our algorithms are more effective in detecting stepping stone attacks in some scenarios.
false attribution probability, stepping stone attack detection, delay, chaff perturbation, attack traffic encryption
Y. Guan, L. Zhang, A. Johnson and A. Persaud, "Detection of stepping stone attack under delay and chaff perturbations," Performance, Computing, and Communications Conference, 2002. 21st IEEE International(PCC), Phoenix, AZ, USA, 2006, pp. 36.