Mining TCP/IP packets to detect stepping-stone intrusion

Computers and Security

Volumn 26, Issue 7-8, 2007, Pages 479-484

  Yang, Jianhua ^a   Huang, Shou Hsuan Stephen ^b  

^a BENNETT COLLEGE   (United States)

^b University of Houston ^*  (United States)

Author keywords

Clustering; Intrusion detection; Network security; Partitioning; Round trip time; Stepping stone

Indexed keywords

CLUSTERING ALGORITHMS; DATA MINING; ERROR ANALYSIS; NETWORK SECURITY; PACKET NETWORKS; TRANSMISSION CONTROL PROTOCOL;

CONNECTION CHAINS; ECHO PACKETS; PARTITIONING; ROUND TRIP TIME;

INTRUSION DETECTION;

EID: 36549082411     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2007.07.001     Document Type: Article

References (19)

1. Bishop Mathew. UNIX security: threats and solutions. In: Invited talk given at the 1995 system administration, networking, and security conference, Washington, DC; April 1995.
2. Bertsekas D., and Gallager R. Data networks (1992), Prentice Hall, Englewood Cliffs, NJ p. 211-3
3. Detecting pairs of jittered interactive streams by exploiting maximum tolerable delay. In: Donoho D.L. (Ed). Proceedings of the 5th international symposium on recent advances in intrusion detection, Zurich, Switzerland (2002) 45-59
4. Friedman M., and Kandel A. Introduction to pattern recognition: statistical, structural, neural, and fuzzy logic approaches (1999), NJ World Scientific Publishing Co, River Edge, London
5. Garvey TD, Lunt TF. Model based intrusion detection. In: Proceedings of the 14th national computer security conference, Baltimore, MD; October 1991. p. 373-85.
6. Jain A., and Dubes R. Algorithms for clustering data (1988), Prentice Hall, Inc, New Jersey p. 55-143
7. Kao E. An introduction to stochastic processes (1996), Duxbury Press, New York p. 47-87
8. Li Qiong, Mills David L. On the long-range dependence of packet round-trip delays in Internet. In: Proceedings of international conference on communications (ICC'98), Atlanta, USA, No. 1; June 1998. p 1185-92.
9. Mirkin B. Mathematical classification and clustering (1996), Kluwer Academic Publishers, Dordrecht, The Netherlands p. 169-98
10. Paxson V., and Floyd S. Wide-area traffic: the failure of poisson modeling. IEEE/ACM Trans Netw 3 (1995) 226-244
11. Russell D., and Gangemi Sr. G.T. Computer security basics (December 1991), O'Reilly & Associates, Inc, Sebastopol, CA
12. Staniford-Chen S, Heberlein L Todd. Holding intruders accountable on the Internet. In: Proceedings of the IEEE symposium on security and privacy, Oakland, CA; 1995. p. 39-49.
13. Yoda K, Etoh H. Finding connection chain for tracing intruders. In: Proceedings of 6th European symposium on research in computer security (LNCS 1985), Toulouse, France; 2000. p. 31-42.
14. Yung K.H. Detecting long connecting chains of interactive terminal sessions. RAID 2002 (October 2002), Springer Press, Zurich, Switzerland 1-16
15. Yang Jianhua, Huang Shou-Hsuan Stephen. A real-time algorithm to detect long connection chains of interactive terminal sessions. In: Proceedings of 3rd international conference on information security (Infosecu'04), Shanghai, China; November 2004. p. 198-203.
16. Yang Jianhua, Huang Shou-Hsuan Stephen. Matching TCP packets and its application to the detection of long connection chains. In: Proceedings (IEEE) of 19th international conference on advanced information networking and applications (AINA'05), Taipei, Taiwan; March 2005. p. 1005-10.
17. Ylonen T. SSH protocol architecture. Draft IETF document, ; June 2004a.
18. Ylonen T. SSH transport layer protocol. Draft IETF document, ; June 2004b.
19. Zhang Yin, Paxson Vern. Detecting stepping-stones. In: Proceedings of the 9th USENIX security symposium, Denver, CO; August 2000. p. 67-81.