TSYS School Research Team Combats Chaff Attacks

TSYS School computer science students Maochang Qin and Noah Neundorfer recently gained valuable research experience after joining TSYS School professors Jianhua Yang and Lixin Wang in an investigation of how attackers can exploit compromised hosts to launch attacks over the Internet.  Such attacks are called stepping-stone intrusions, and they work by placing an intruder behind a long connection chain consisting of multiple compromised hosts.  Most attackers establish a long connection chain with more than three stepping stones to better protect themselves when launching attacks.  As these researchers explain in their new study appearing in Electronics, explains, many algorithms have been proposed to detect stepping-stone intrusions, but most detection algorithms are weak in resisting intruders’ session manipulation, such as chaff perturbation.  Chaff perturbation is a concealment method in which attackers can insert some trivial packets into a regular IP connection to make two relayed sessions appear unrelated.  To combat chaff perturbation, the study proposes a novel detection algorithm that shows network traffic cross matching can be effective in resisting chaff attacks.  Experimental results over the AWS cloud that are detailed in the study show that their proposed algorithm is capable of resisting chaff attacks at a rate up to 100 percent.