Detect Stepping-Stone Insider Attacks by Network Traffic Mining and Dynamic Programming

Mining Network Traffic Efficiently to Detect Stepping-Stone Intrusion

2012 IEEE 26th International Conference on Advanced Information Networking and Applications ◽

10.1109/aina.2012.16 ◽

2012 ◽

Cited By ~ 2

Author(s):

Yingjie Sheng ◽

Yongzhong Zhang ◽

Jianhua Yang

Keyword(s):

Network Traffic ◽

Stepping Stone

Download Full-text

Detect Stepping-stone Intrusion by Mining Network Traffic using k-Means Clustering

2020 IEEE 39th International Performance Computing and Communications Conference (IPCCC) ◽

10.1109/ipccc50635.2020.9391521 ◽

2020 ◽

Author(s):

Lixin Wang ◽

Jianhua Yang ◽

Mary Mccormick ◽

Peng-Jun Wan ◽

Xiaohua Xu

Keyword(s):

Network Traffic ◽

Stepping Stone

Download Full-text

Sniffing and Chaffing Network Traffic in Stepping-Stone Intrusion Detection

2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA) ◽

10.1109/waina.2018.00137 ◽

2018 ◽

Author(s):

Jianhua Yang ◽

Yongzhong Zhang ◽

Robert King ◽

Tim Tolbert

Keyword(s):

Intrusion Detection ◽

Network Traffic ◽

Stepping Stone

Download Full-text

Monitoring Network Traffic to Detect Stepping-Stone Intrusion

22nd International Conference on Advanced Information Networking and Applications - Workshops (aina workshops 2008) ◽

10.1109/waina.2008.30 ◽

2008 ◽

Cited By ~ 4

Author(s):

Jianhua Yang ◽

Byong Lee ◽

Stephen S.H. Huang

Keyword(s):

Network Traffic ◽

Monitoring Network ◽

Stepping Stone

Download Full-text

Using Dynamic Programming Techniques to Detect Multi-hop Stepping-Stone Pairs in a Connection Chain

2010 24th IEEE International Conference on Advanced Information Networking and Applications ◽

10.1109/aina.2010.132 ◽

2010 ◽

Author(s):

Ying-Wei Kuo ◽

Shou-Hsuan Stephen Huang ◽

Wei Ding ◽

Rebecca Kern ◽

Jianhua Yang

Keyword(s):

Dynamic Programming ◽

Stepping Stone ◽

Programming Techniques

Download Full-text

Applying MMD Data Mining to Match Network Traffic for Stepping-Stone Intrusion Detection

Sensors ◽

10.3390/s21227464 ◽

2021 ◽

Vol 21 (22) ◽

pp. 7464

Author(s):

Jianhua Yang ◽

Lixin Wang

Keyword(s):

Data Mining ◽

Intrusion Detection ◽

Network Traffic ◽

Local Area ◽

Step Function ◽

Data Mining Algorithm ◽

Round Trip ◽

Matching Algorithm ◽

Stepping Stone ◽

Trip Time

A long interactive TCP connection chain has been widely used by attackers to launch their attacks and thus avoid detection. The longer a connection chain, the higher the probability the chain is exploited by attackers. Round-trip Time (RTT) can represent the length of a connection chain. In order to obtain the RTTs from the sniffed Send and Echo packets in a connection chain, matching the Sends and Echoes is required. In this paper, we first model a network traffic as the collection of RTTs and present the rationale of using the RTTs of a connection chain to represent the length of the chain. Second, we propose applying MMD data mining algorithm to match TCP Send and Echo packets collected from a connection. We found that the MMD data mining packet-matching algorithm outperforms all the existing packet-matching algorithms in terms of packet-matching rate including sequence number-based algorithm, Yang’s approach, Step-function, Packet-matching conservative algorithm and packet-matching greedy algorithm. The experimental results from our local area networks showed that the packet-matching accuracy of the MMD algorithm is 100%. The average packet-matching rate of the MMD algorithm obtained from the experiments conducted under the Internet context can reach around 94%. The MMD data mining packet-matching algorithm can fix the issue of low packet-matching rate faced by all the existing packet-matching algorithms including the state-of-the-art algorithm. It is applicable to network-based stepping-stone intrusion detection.

Download Full-text

Mining Network Traffic with the k -Means Clustering Algorithm for Stepping-Stone Intrusion Detection

Wireless Communications and Mobile Computing ◽

10.1155/2021/6632671 ◽

2021 ◽

Vol 2021 ◽

pp. 1-9

Author(s):

Lixin Wang ◽

Jianhua Yang ◽

Xiaohua Xu ◽

Peng-Jun Wan

Keyword(s):

Intrusion Detection ◽

Network Traffic ◽

Efficient Algorithm ◽

Clustering Algorithm ◽

Detection Algorithm ◽

Target System ◽

The Internet ◽

Stepping Stones ◽

Network Attacks ◽

Stepping Stone

Intruders on the Internet usually launch network attacks through compromised hosts, called stepping stones, in order to reduce the chance of being detected. With stepping-stone intrusions, an attacker uses tools such as SSH to log in several compromised hosts remotely and create an interactive connection chain and then sends attacking packets to a target system. An effective method to detect such an intrusion is to estimate the length of a connection chain. In this paper, we develop an efficient algorithm to detect stepping-stone intrusion by mining network traffic using the k -means clustering. Existing approaches for connection-chain-based stepping-stone intrusion detection either are not effective or require a large number of TCP packets to be captured and processed and, thus, are not efficient. Our proposed detection algorithm can accurately determine the length of a connection chain without requiring a large number of TCP packets being captured and processed, so it is more efficient. Our proposed detection algorithm is also easier to implement than all existing approaches for stepping-stone intrusion detection. The effectiveness, correctness, and efficiency of our proposed detection algorithm are verified through well-designed network experiments.

Download Full-text