
TSYS School Faculty and Student Publish Study on Network-Based Stepping-Stone Intrusion Detection

To reduce the likelihood of detection, modern-day hackers usually send attacking commands to a target system through several stepping-stone hosts. Such stepping-stone intrusion conceals the intruder’s identity behind a long interactive connection chain of hosts. An effective approach for stepping-stone intrusion detection is to determine how many connections are contained in a connection chain. This type of defense is called network-based stepping-stone intrusion detection.

A new study by TSYS School faculty Lixin Wang, Jianhua Yang, and their student Jae Kim, along with Peng-Jun Wan of the Illinois Institute of Technology, explains that most existing network-based stepping-stone intrusion detection approaches work only for network traffic without intruders’ session manipulation. As they explain, the known network-based stepping-stone intrusion detection algorithms are either too weak to resist intruders’ chaff-perturbation manipulation or have very limited capability in resisting attackers’ session manipulation. In response, their paper, which appears in a recent issue of Electronics, develops a novel network-based stepping-stone intrusion detection algorithm that is resistant to intruders’ chaff-perturbation by using packet crossover. The network-based stepping-stone intrusion detection approach proposed by Wang et al. is easy to implement and is verified by rigorous technical proofs and well-designed network experiments. The experimental results presented and discussed in the study show that the proposed network-based stepping-stone intrusion detection algorithm works to resist intruders’ chaff-perturbation up to a chaff rate of 50%.
