Team for Research in
Ubiquitous Secure Technology

Detecting Encrypted Interactive Stepping-Stone Connections
Ting He, Lang Tong

Citation
Ting He, Lang Tong. "Detecting Encrypted Interactive Stepping-Stone Connections". Proceedings of IEEE ICASSP, Cornell University, May, 2006.

Abstract
Network intruders often hide their identities by sending attacks through a chain of compromised hosts that are used as “stepping stones”. The difficulty in defending against such attacks lies in detecting stepping-stone connections at the compromised hosts. In this paper, to distinguish normal from attacking connections, we consider strategies that do not depend on the content of the traffic so that they are applicable to encrypted traffic. We propose a low complexity detection algorithm that has no miss detection and an exponentially-decaying false alarm probability. A sequential strategy is then developed to reduce the required number of testing packets.

Citation formats  
  • HTML
    Ting He, Lang Tong. <a
    href="http://www.truststc.org/pubs/171.html"
    >Detecting Encrypted Interactive Stepping-Stone
    Connections</a>, Proceedings of IEEE ICASSP, Cornell
    University, May, 2006.
  • Plain text
    Ting He, Lang Tong. "Detecting Encrypted Interactive
    Stepping-Stone Connections". Proceedings of IEEE
    ICASSP, Cornell University, May, 2006.
  • BibTeX
    @inproceedings{HeTong06_DetectingEncryptedInteractiveSteppingStoneConnections,
        author = {Ting He and Lang Tong},
        title = {Detecting Encrypted Interactive Stepping-Stone
                  Connections},
        booktitle = {Proceedings of IEEE ICASSP},
        organization = {Cornell University},
        month = {May},
        year = {2006},
        abstract = {Network intruders often hide their identities by
                  sending attacks through a chain of compromised
                  hosts that are used as “stepping stones”. The
                  difficulty in defending against such attacks lies
                  in detecting stepping-stone connections at the
                  compromised hosts. In this paper, to distinguish
                  normal from attacking connections, we consider
                  strategies that do not depend on the content of
                  the traffic so that they are applicable to
                  encrypted traffic. We propose a low complexity
                  detection algorithm that has no miss detection and
                  an exponentially-decaying false alarm probability.
                  A sequential strategy is then developed to reduce
                  the required number of testing packets.},
        URL = {http://www.truststc.org/pubs/171.html}
    }
    

Posted by Lang Tong on 11 Feb 2007.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.