Abstract
This paper proposes the RTT-thumbprint to trace back intruders and to detect stepping-stone intrusion. An RTT-thumbprint is a sequence of timestamp pairs, each pairing a send packet with its corresponding echoed packets. Each pair of timestamps represents the round-trip time (RTT) of a packet. Besides the advantages of efficiency, secrecy, and robustness, the RTT-thumbprint can defeat an intruder's random-delay and chaff manipulation. An exhaustive and a heuristic algorithm are proposed to correlate RTT-thumbprints. The results showed that the heuristic algorithm performs as well as the exhaustive one but is more efficient.
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yang, J., Huang, SH.S. (2005). Improved Thumbprint and Its Application for Intrusion Detection. In: Lu, X., Zhao, W. (eds) Networking and Mobile Computing. ICCNMC 2005. Lecture Notes in Computer Science, vol 3619. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11534310_47
DOI: https://doi.org/10.1007/11534310_47
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28102-3
Online ISBN: 978-3-540-31868-2
eBook Packages: Computer Science (R0)