Stepping Stone Attack Attribution in Non-Cooperative IP Networks
Zhang, Linfeng and Persaud, Anthony and Johnson, Alan and Guan, Yong (2004) Stepping Stone Attack Attribution in Non-Cooperative IP Networks. Publisher UNSPECIFIED.
Network-based attackers often relay attacks through intermediary hosts, called stepping stones, to evade detection. It is difficult to attribute the real attacker in non-cooperative IP networks. Attackers also make detection more difficult by introducing delay and chaff into stepping stone connections. Several approaches have been proposed to detect stepping stone attacks. However, none of them performs effectively when delay and chaff exist simultaneously. In this paper, we propose and analyze algorithms which show that attackers cannot always evade detection merely by adding limited delay and independent chaff. We give upper bounds on the number of packets needed to confidently distinguish stepping stone connections from non-stepping stone connections with any given probability of false attribution. We compare our algorithms with previous ones, and our experiments show that our algorithms are more effective in detecting stepping stones in some scenarios.