Mining Network Traffic Efficiently to Detect Stepping-Stone Intrusion

Author(s): Yingjie Sheng, Yongzhong Zhang, Jianhua Yang
Sensors, 2021, Vol 21 (22), pp. 7464
Author(s): Jianhua Yang, Lixin Wang

A long interactive TCP connection chain has been widely used by attackers to launch their attacks and thus avoid detection. The longer a connection chain, the higher the probability the chain is exploited by attackers. Round-trip Time (RTT) can represent the length of a connection chain. In order to obtain the RTTs from the sniffed Send and Echo packets in a connection chain, matching the Sends and Echoes is required. In this paper, we first model network traffic as the collection of RTTs and present the rationale of using the RTTs of a connection chain to represent the length of the chain. Second, we propose applying the MMD data mining algorithm to match TCP Send and Echo packets collected from a connection. We found that the MMD data mining packet-matching algorithm outperforms all the existing packet-matching algorithms in terms of packet-matching rate, including the sequence number-based algorithm, Yang’s approach, Step-function, the packet-matching conservative algorithm and the packet-matching greedy algorithm. The experimental results from our local area networks showed that the packet-matching accuracy of the MMD algorithm is 100%. The average packet-matching rate of the MMD algorithm obtained from the experiments conducted under the Internet context can reach around 94%. The MMD data mining packet-matching algorithm can fix the issue of low packet-matching rate faced by all the existing packet-matching algorithms, including the state-of-the-art algorithm. It is applicable to network-based stepping-stone intrusion detection.


2021, Vol 2021, pp. 1-9
Author(s): Lixin Wang, Jianhua Yang, Xiaohua Xu, Peng-Jun Wan

Intruders on the Internet usually launch network attacks through compromised hosts, called stepping stones, in order to reduce the chance of being detected. With stepping-stone intrusions, an attacker uses tools such as SSH to log in to several compromised hosts remotely and create an interactive connection chain and then sends attacking packets to a target system. An effective method to detect such an intrusion is to estimate the length of a connection chain. In this paper, we develop an efficient algorithm to detect stepping-stone intrusion by mining network traffic using the k-means clustering. Existing approaches for connection-chain-based stepping-stone intrusion detection either are not effective or require a large number of TCP packets to be captured and processed and, thus, are not efficient. Our proposed detection algorithm can accurately determine the length of a connection chain without requiring a large number of TCP packets to be captured and processed, so it is more efficient. Our proposed detection algorithm is also easier to implement than all existing approaches for stepping-stone intrusion detection. The effectiveness, correctness, and efficiency of our proposed detection algorithm are verified through well-designed network experiments.


2018, Vol 3-4, pp. 34-45
Author(s): Jianhua Yang, Lixin Wang, Andrew Lesh, Brian Lockerbie

2020, pp. 225-251
Author(s): Ernest Ming-Tak Leung

This article explores a commonly ignored aspect of Japan–North Korean relations: the Japanese factor in the making of Korean socialism. Korea was indirectly influenced by the Japanese Jiyuminken Movement, in the 1910s–1920s serving as a stepping-stone for the creation of a Japanese Communist Party. Wartime mobilization policies under Japanese rule were continued and expanded beyond the colonial era. The Juche ideology built on tendencies first exhibited in the 1942 Overcoming Modernity Conference in Japan, and in the 1970s some Japanese leftists viewed Juche as a humanist Marxism. Trade between Japan and North Korea expanded from 1961 onwards, culminating in North Korea’s default in 1976, from which point on relations soured between the two countries. Yet leaders with direct experience of colonial rule governed North Korea through to the late 1990s.

