Sciweavers

AINA
2010
IEEE

Resist Intruders' Manipulation via Context-Based TCP/IP Packet Matching

13 years 11 months ago
Resist Intruders' Manipulation via Context-Based TCP/IP Packet Matching
—Stepping-stone is the most popular way used to attack other computers. The reason is that intruders can be protected through a long connection chain involving some compromised computers called stepping-stones. Some intruders even manipulate a stepping-stone to evade steppingstone intrusion detection. Intruders’ evasion makes detecting stepping-stone intrusion more difficult. In this paper, we propose a new approach, context-based TCP/IP packet matching, to detect stepping-stone intrusion, as well as resisting intruders’ evasion. The analysis shows that this approach can resist intruders’ time-jittering evasion. The simulation results showed even an intruder could chaff a connection with chaff-rate as high as 100%, this approach can still match the two connections to detect the intrusion and to resist intruders’ chaff-perturbation evasion. Keywords- Network security; intrusion detection; timejittering; chaff-perturbation; stepping-stone; evasion; manipulation
Yongzhong Zhang, Jianhua Yang, Santhoshkumar Bedig
Added 12 Jan 2011
Updated 12 Jan 2011
Type Journal
Year 2010
Where AINA
Authors Yongzhong Zhang, Jianhua Yang, Santhoshkumar Bediga, Stephen S. H. Huang
Comments (0)