Abstract
-Attackers on the Internet typically launch network intrusions indirectly by creating a long connection via intermediary hosts, called stepping-stones. One way to detect such intrusion is to check the number of intermediary hosts. Neural networks provide the potential to identify and classify network activity. In this paper, we propose an approach to stepping-stone intrusion detection that utilizes the analytical strengths of neural networks. An improved scheme was developed for neural network investigation. This method clustered a sequence of consecutive Round-Trip Times (RTTs). It was found that neural networks were able to predict the number of stepping-stones for incoming packets by the proposed method without monitoring a connection chain all the time.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Yung, K.H., “Detecting Long Connecting Chains of Interactive Terminal Sessions”, RAID 2002, Springer Press, Zurich, Switzerland, pp. 1-16, October 2002.
Yang, J.H., and Huang, S-H.S., “A Real-Time Algorithm to Detect Long Connection Chains of Interactive Terminal Sessions”, Proceedings of 3rd International Conference on Information Security (Infosecu’ 04), Shanghai, China, pp. 198-203, November 2004.
Staniford-Chen, S. and Heberlein, L.T., “Holding Intruders Accountable on the Internet”, in Proc. of the 1995 IEEE Symposium on Security and Privacy, Oakland, CA, pp. 39-49, May 1995.
Zhang, Y. and Paxson, V., “Detecting Stepping Stones”, in Proc. of the 9th USENIX Security Symposium, Denver, CO, pp. 171-184, August 2000.
Yoda, K. and Etoh, H., “Finding a Connection Chain for Tracing Intruders”, 6th European Symposium on Research in Computer Security-ESORICS 2000 LNCS-1895, Toulouse, France, pp. 31-42, October 2000.
Donoho, D., Flesia, A.G., Shankar, U., Paxson, V., Coit, J. and Staniford, S., “Multiscale Stepping-Stone Detection: Detecting Pairs of Jittered Interactive Streams by Exploiting Maximum Tolerable Delay”, 5th International Symposium on Recent Advances in Intrusion Detection, Lecture Notes in Computer Science 2516, New York, Springer, 2002.
Wang, X. and Reeves, D., “Robust Correlation of Encrypted Attack Traffic Through Stepping Stones by Manipulation of Inter-packet Delays”, in Proc. of the 2003 ACM Conference on Computer and Communications Security (CCS 2003), ACM Press, pp. 20-29, October 2003.
He, T. and Tong, L., “Detecting Encrypted Stepping-stone Connections”, IEEE Trans. on Signal Processing, Feb. 2006.
Blum A., Song D. and Venkataraman S., “Detection of Interactive Stepping Stones: Algorithms and Confidence Bounds,” in Proc. of 7th International Symposium on Recent Advances in Intrusion Detection (RAID ‘ 04), Springer LNCS 3224, pp. 258-277, 2004.
Wu, H.C., Huang, S-H.S., “Detecting Stepping-Stone with Chaff Perturbation,” in Proc. of AINA, International Symposium on Frontiers in Networking with Applications (FINA 2007), Ontario, CA, Vol. 1 pp. 85-90, May 2007.
Cannady, J., “Artificial Neural Networks for Misuse Detection,” Proceedings, National Information Systems Security Conference (NISSC’ 98), Arlington, VA, pp. 443-456, October, 1998.
Ghosh, A., Schwartzbard, A., and Shatz, M., “Learning Program Behavior Profiles for Intrusion Detection,” in Proceedings First USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, April 1999.
Lippmann R.P., Cunningham, R.K., Improving Intrusion Detection Performance using Keyword Selection and Neural Networks, RAID Proc., West Lafayette, Indiana, Sep. 1999.
Ryan, J., Lin, M., and Mikkulainen, R., “Intrusion Detection with Neural Networks,” Advances in Neural Information Processing Systems, Vol. 10, MIT Press, 1998.
Yang, J.H., Huang, S-H.S., and Wan, M.D., “A Clustering-Partitioning Algorithm to Find TCP Packet Round-Trip Time for Intrusion Detection,” Proceedings of International Conference on Advanced Information Networking and Applications (AINA 2006), Vienna, Austria, Vol. 1, pp 231-236, April 2006.
Wu, H.C., Huang, S-H.S., “Performance of Neural Networks in Stepping-Stone Intrusion Detection,” IEEE International Conference on Networking, Sensing and Control (ICNSC), Sanya, Hainan Island, China, April, 2008 (accepted).
Li, Q., Mills, D.L., “On the Long-range Dependence of Packet Round-trip Delays in Internet,” Proceedings of International Conference on Communications, Atlanta, GA, Vol. 1. pp. 1185-1192, June 1998.
Yang, J.H., and Huang, S-H.S., “Matching TCP Packets and Its Application to the Detection of Long Connection Chains,” Proceedings of International Conference on Advanced Information Networking and Applications (AINA 2005), Taipei, Taiwan, pp 1005-1010, March 2005.
Yang, J.H. “Detecting and Preventing Stepping-Stone Intrusion by Monitoring Network Packets,” Ph D Dissertation, Department of Computer Science, University of Houston, Houston, Texas, August 2006.
Russell, S. and Norvig, P., Artifitial Intelligence: A Modern Approach, 2nd edition, Prentice-Hall, 2003.
NeuralWare, NeuraWorks Professional II Plus manual, Pittsburgh, PA, 2003.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer Science+Business Media B.V.
About this paper
Cite this paper
Wu, HC., Huang, SH.S. (2008). Stepping-Stone Intrusion Detection Using Neural Networks Approach. In: Sobh, T., Elleithy, K., Mahmood, A., Karim, M.A. (eds) Novel Algorithms and Techniques In Telecommunications, Automation and Industrial Electronics. Springer, Dordrecht. https://doi.org/10.1007/978-1-4020-8737-0_64
Download citation
DOI: https://doi.org/10.1007/978-1-4020-8737-0_64
Publisher Name: Springer, Dordrecht
Print ISBN: 978-1-4020-8736-3
Online ISBN: 978-1-4020-8737-0
eBook Packages: EngineeringEngineering (R0)