Team for Research in
Ubiquitous Secure Technology

Packet Scheduling Against Stepping-Stone Attacks with Chaff
Ting He, Parvathinathan Venkitasubramaniam, Lang Tong

Citation
Ting He, Parvathinathan Venkitasubramaniam, Lang Tong. "Packet Scheduling Against Stepping-Stone Attacks with Chaff". Proceedings of IEEE MILCOM, Cornell University, October, 2006.

Abstract
We consider scheduling packet transmissions in a network so that the efficiency of stepping-stone attacks can be severely restrained with the help of stepping-stone monitors. We allow the attacker to encrypt and pad the packets, perturb the timing of packets, and insert chaff packets, but the timing perturbation is subject to a maximum delay constraint. We show that if we randomize packet transmissions, then the attacker has to insert a large amount of chaff to evade detection completely. In particular, if all transmissions are scheduled as Poisson processes, then the fraction of attacking packets in the attacker's traffic decreases exponentially with the length of the intrusion path.

Citation formats  
  • HTML
    Ting He, Parvathinathan Venkitasubramaniam, Lang Tong. <a
    href="http://www.truststc.org/pubs/169.html"
    >Packet Scheduling Against Stepping-Stone Attacks with
    Chaff</a>, Proceedings of IEEE MILCOM, Cornell
    University, October, 2006.
  • Plain text
    Ting He, Parvathinathan Venkitasubramaniam, Lang Tong.
    "Packet Scheduling Against Stepping-Stone Attacks with
    Chaff". Proceedings of IEEE MILCOM, Cornell University,
    October, 2006.
  • BibTeX
    @inproceedings{HeVenkitasubramaniamTong06_PacketSchedulingAgainstSteppingStoneAttacksWithChaff,
        author = {Ting He and Parvathinathan Venkitasubramaniam and
                  Lang Tong},
        title = {Packet Scheduling Against Stepping-Stone Attacks
                  with Chaff},
        booktitle = {Proceedings of IEEE MILCOM},
        organization = {Cornell University},
        month = {October},
        year = {2006},
        abstract = {We consider scheduling packet transmissions in a
                  network so that the efficiency of stepping-stone
                  attacks can be severely restrained with the help
                  of stepping-stone monitors. We allow the attacker
                  to encrypt and pad the packets, perturb the timing
                  of packets, and insert chaff packets, but the
                  timing perturbation is subject to a maximum delay
                  constraint. We show that if we randomize packet
                  transmissions, then the attacker has to insert a
                  large amount of chaff to evade detection
                  completely. In particular, if all transmissions
                  are scheduled as Poisson processes, then the
                  fraction of attacking packets in the attacker's
                  traffic decreases exponentially with the length of
                  the intrusion path.},
        URL = {http://www.truststc.org/pubs/169.html}
    }
    

Posted by Lang Tong on 11 Feb 2007.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.