Packet Scheduling Against Stepping-Stone Attacks with Chaff

Packet Scheduling Against Stepping-Stone Attacks with Chaff
Ting He, Parvathinathan Venkitasubramaniam, Lang Tong

Citation
Ting He, Parvathinathan Venkitasubramaniam, Lang Tong. "Packet Scheduling Against Stepping-Stone Attacks with Chaff". Proceedings of IEEE MILCOM, Cornell University, October, 2006.

Abstract
We consider scheduling packet transmissions in a network so that the efficiency of stepping-stone attacks can be severely restrained with the help of stepping-stone monitors. We allow the attacker to encrypt and pad the packets, perturb the timing of packets, and insert chaff packets, but the timing perturbation is subject to a maximum delay constraint. We show that if we randomize packet transmissions, then the attacker has to insert a large amount of chaff to evade detection completely. In particular, if all transmissions are scheduled as Poisson processes, then the fraction of attacking packets in the attacker's traffic decreases exponentially with the length of the intrusion path.

Electronic downloads

HeVenkTong06MILCOM.pdf · application/pdf · 103 kbytes

Citation formats

HTML

Ting He, Parvathinathan Venkitasubramaniam, Lang Tong. <a
href="http://www.truststc.org/pubs/169.html"
>Packet Scheduling Against Stepping-Stone Attacks with
Chaff</a>, Proceedings of IEEE MILCOM, Cornell
University, October, 2006.

Plain text

Ting He, Parvathinathan Venkitasubramaniam, Lang Tong.
"Packet Scheduling Against Stepping-Stone Attacks with
Chaff". Proceedings of IEEE MILCOM, Cornell University,
October, 2006.

BibTeX

@inproceedings{HeVenkitasubramaniamTong06_PacketSchedulingAgainstSteppingStoneAttacksWithChaff,
    author = {Ting He and Parvathinathan Venkitasubramaniam and
              Lang Tong},
    title = {Packet Scheduling Against Stepping-Stone Attacks
              with Chaff},
    booktitle = {Proceedings of IEEE MILCOM},
    organization = {Cornell University},
    month = {October},
    year = {2006},
    abstract = {We consider scheduling packet transmissions in a
              network so that the efficiency of stepping-stone
              attacks can be severely restrained with the help
              of stepping-stone monitors. We allow the attacker
              to encrypt and pad the packets, perturb the timing
              of packets, and insert chaff packets, but the
              timing perturbation is subject to a maximum delay
              constraint. We show that if we randomize packet
              transmissions, then the attacker has to insert a
              large amount of chaff to evade detection
              completely. In particular, if all transmissions
              are scheduled as Poisson processes, then the
              fraction of attacking packets in the attacker's
              traffic decreases exponentially with the length of
              the intrusion path.},
    URL = {http://www.truststc.org/pubs/169.html}
}

Posted by Lang Tong on 11 Feb 2007.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.