ISU Electrical and Computer Engineering Archives

Stepping Stone Attack Attribution in Non-Cooperative IP Networks

Zhang, Linfeng and Persaud, Anthony and Johnson, Alan and Guan, Yong (2004) Stepping Stone Attack Attribution in Non-Cooperative IP Networks. Publisher UNSPECIFIED.



Network-based attackers often relay attacks through intermediary hosts, called stepping stones, to evade detection. It is difficult to attribute the real attacker in non-cooperative IP networks. Attackers also make detection more difficult by introducing delay and chaff into stepping stone connections. Several approaches have been proposed to detect stepping stone attacks. However, none of them performs effectively when delay and chaff exist simultaneously. In this paper, we propose and analyze algorithms which show that attackers cannot always evade detection merely by adding limited delay and independent chaff. We give upper bounds on the number of packets needed to confidently distinguish stepping stone connections from non-stepping stone connections with any given probability of false attribution. We compare our algorithms with previous ones, and our experiments show that our algorithms are more effective in detecting stepping stones in some scenarios.

EPrint Type: Technical Report
Uncontrolled Keywords: stepping stone attack, traffic correlation, traceback
Subjects: Computer Engineering > INFORMATION SYSTEMS SECURITY & NETWORKING > Information Assurance
Computer Engineering > INFORMATION SYSTEMS SECURITY & NETWORKING > Computer Networking and Security
ID Code: 135
Identification Number: TR-2005-02-1
Deposited By: Dr. Yong Guan
Deposited On: 26 February 2005
