Most network intruders launch their attacks through stepping-stones to reduce the risk of being discovered. To uncover such intrusions, one prevalent, challenging, and critical approach is to compare an incoming connection with outgoing connections to determine whether a computer is being used as a stepping-stone. In this paper, we present a method that uses a signal-processing technique, the correlation coefficient (such as Spearman Rank, Kendall Tau Rank, and Pearson Product-Moment), to correlate two sessions and identify stepping-stone intrusions. The contribution of this paper is that we are the first to apply correlation coefficients to stepping-stone intrusion detection and, more importantly, that it is not necessary to monitor a session for a long time to conclude that a stepping-stone intrusion is taking place. The experimental results showed that a stepping-stone intrusion can be detected while an intruder is entering the username and password. Further work needs to be done to test whether this approach can resist intruders' evasion....
Guoqing Zhao, Jianhua Yang, Gurdeep S. Hura, Long
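
The session correlation described in the abstract can be sketched as follows. This is an added example, not the authors' code: the abstract does not say which per-packet feature is correlated or what decision rule is used, so the inter-packet gaps, the 0.8 threshold and the names `correlate`, `INCOMING`, `RELAYED` and `UNRELATED` are assumptions, and the sample values are constructed.

```python
from itertools import combinations
from math import sqrt

def pearson(x, y):
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sx = sqrt(sum((a - mx) ** 2 for a in x))
    sy = sqrt(sum((b - my) ** 2 for b in y))
    # A constant series carries no timing signal to correlate.
    return 0.0 if sx == 0 or sy == 0 else cov / (sx * sy)

def ranks(v):
    # 1-based ranks; tied values share the average of their positions.
    order = sorted(range(len(v)), key=lambda i: v[i])
    r, i = [0.0] * len(v), 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and v[order[j + 1]] == v[order[i]]:
            j += 1
        for k in range(i, j + 1):
            r[order[k]] = (i + j) / 2 + 1
        i = j + 1
    return r

def spearman(x, y):
    # Spearman rank correlation is Pearson applied to the ranks.
    return pearson(ranks(x), ranks(y))

def kendall_tau(x, y):
    # Tau-a: (concordant - discordant pairs) / total pairs.
    s = 0
    for i, j in combinations(range(len(x)), 2):
        p = (x[i] - x[j]) * (y[i] - y[j])
        s += (p > 0) - (p < 0)
    n = len(x)
    return s / (n * (n - 1) / 2)

def correlate(incoming, outgoing, threshold=0.8):
    # Assumed decision rule: flag the pair only if all three coefficients agree.
    scores = {f.__name__: f(incoming, outgoing)
              for f in (pearson, spearman, kendall_tau)}
    return all(v >= threshold for v in scores.values()), scores

# Constructed inter-packet gaps (seconds) for a short login-sized window.
INCOMING = [0.21, 0.35, 0.12, 0.80, 0.15, 0.27, 0.44, 1.10, 0.18, 0.31]
RELAYED = [0.22, 0.37, 0.13, 0.79, 0.17, 0.26, 0.46, 1.08, 0.20, 0.30]
UNRELATED = [0.50, 0.11, 0.95, 0.20, 0.33, 0.72, 0.14, 0.25, 0.61, 0.40]

if __name__ == "__main__":
    print(correlate(INCOMING, RELAYED))
    print(correlate(INCOMING, UNRELATED))
```

The rank-based coefficients ignore the small jitter a relay adds as long as the ordering of the gaps survives, which is why ten samples are enough to separate the two constructed outgoing sessions.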