CCS
2003
ACM

Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays

Network-based intruders seldom attack directly from their own hosts, but rather stage their attacks through intermediate “stepping stones” to conceal their identity and origin. To identify attackers behind stepping stones, it is necessary to be able to correlate connections through stepping stones, even if those connections are encrypted or perturbed by the intruder to prevent traceability. The timing-based approach is the most capable and promising current method for correlating encrypted connections. However, previous timing-based approaches are vulnerable to packet timing perturbations introduced by the attacker at stepping stones. In this paper, we propose a novel watermark-based correlation scheme that is designed specifically to be robust against timing perturbations. The watermark is introduced by slightly adjusting the timing of selected packets of the flow. By utilizing redundancy techniques, we have developed a robust watermark correlation framework that reveals a rather...
Xinyuan Wang, Douglas S. Reeves
Added 06 Jul 2010
Updated 06 Jul 2010
Type Conference
Year 2003
Where CCS
Authors Xinyuan Wang, Douglas S. Reeves