Monitoring Network Traffic to Detect Stepping-Stone Intrusion

2008 ◽  
Author(s):  
Jianhua Yang ◽  
Byong Lee ◽  
Stephen S.H. Huang
Keyword(s):  
Network Traffic ◽  
Monitoring Network ◽  
Stepping Stone

AL-bitmap: Monitoring network traffic activity graphs on high speed links

2017 ◽  
Vol 408 ◽  
pp. 162-175 ◽  
Author(s):  
Jing Tao ◽  
Pinghui Wang ◽  
Xiaohong Guan ◽  
Wenjun Hu
Keyword(s):  
Network Traffic ◽  
High Speed ◽  
Monitoring Network

scholarly journals T 2 Control Chart based on PCA with KDE Control Limit for Monitoring Intrusion

2021 ◽  
Vol 2123 (1) ◽  
pp. 012017
Author(s):  
A I Jaya ◽  
T R Aulia ◽  
F D Putri ◽  
T Rakhmawati
Keyword(s):  
Control Chart ◽  
Network Traffic ◽  
Monitoring Network ◽  
Principal Component ◽  
The Other ◽  
Control Limit ◽  
Computational Time ◽  
False Alarms ◽  
Detection Accuracy ◽  
Traffic Data

Abstract In monitoring network anomaly, the traditional T 2 chart can be an alternative owing to its ability to capture the network anomaly. However, the new problem emerges in consequence of the hardship of the network traffic data to satisfy the multivariate normal distribution assumption in Hotelling’s T 2 chart. As a result, many false alarms will be found during the monitoring process. In this work, the combination between Hotelling’s T 2 control chart and the Principal Component Analysis (PCA) is utilized to observe the network traffic data. The PCA is used to minimize the data dimension which can reduce computational time. Meanwhile, the Kernel Density approach is employed in estimating the control limit of the non-normal process. The proposed method is applied to the famous KDD99 dataset, and its performance is compared with the other methods. Compared to the other charts, the proposed control chart yields a higher detection accuracy with a lower false alarm rate. Moreover, the proposed control chart also produces a faster computational time.

The Analysis and Design of the Computer Network Traffic Monitor

2014 ◽  
Vol 556-562 ◽  
pp. 6791-6794
Author(s):  
Xiong Zhou
Keyword(s):  
Network Traffic ◽  
Computer Network ◽  
Network Monitoring ◽  
Monitoring Network ◽  
Traffic Monitoring ◽  
Traffic Information ◽  
Analysis And Design ◽  
Static Information ◽  
Network Traffic Monitoring ◽  
Status Data

The important work of the network management in real-time network monitoring, network monitoring network traffic, the state, the collection of behavioral information, the information will be collected for statistical analysis, network traffic status data, and network traffic information collected includes dynamic information and static information, on this basis, conducted a study of network traffic monitoring and management system.

scholarly journals Applying MMD Data Mining to Match Network Traffic for Stepping-Stone Intrusion Detection

Sensors ◽  
2021 ◽  
Vol 21 (22) ◽  
pp. 7464
Author(s):  
Jianhua Yang ◽  
Lixin Wang
Keyword(s):  
Data Mining ◽  
Intrusion Detection ◽  
Network Traffic ◽  
Local Area ◽  
Step Function ◽  
Data Mining Algorithm ◽  
Round Trip ◽  
Matching Algorithm ◽  
Stepping Stone ◽  
Trip Time

A long interactive TCP connection chain has been widely used by attackers to launch their attacks and thus avoid detection. The longer a connection chain, the higher the probability the chain is exploited by attackers. Round-trip Time (RTT) can represent the length of a connection chain. In order to obtain the RTTs from the sniffed Send and Echo packets in a connection chain, matching the Sends and Echoes is required. In this paper, we first model a network traffic as the collection of RTTs and present the rationale of using the RTTs of a connection chain to represent the length of the chain. Second, we propose applying MMD data mining algorithm to match TCP Send and Echo packets collected from a connection. We found that the MMD data mining packet-matching algorithm outperforms all the existing packet-matching algorithms in terms of packet-matching rate including sequence number-based algorithm, Yang’s approach, Step-function, Packet-matching conservative algorithm and packet-matching greedy algorithm. The experimental results from our local area networks showed that the packet-matching accuracy of the MMD algorithm is 100%. The average packet-matching rate of the MMD algorithm obtained from the experiments conducted under the Internet context can reach around 94%. The MMD data mining packet-matching algorithm can fix the issue of low packet-matching rate faced by all the existing packet-matching algorithms including the state-of-the-art algorithm. It is applicable to network-based stepping-stone intrusion detection.

A Multilayer Perceptron Classifier for Monitoring Network Traffic

2019 ◽  
pp. 262-270
Author(s):  
Azidine Guezzaz ◽  
Ahmed Asimi ◽  
Azrour Mourade ◽  
Zakariae Tbatou ◽  
Younes Asimi
Keyword(s):  
Multilayer Perceptron ◽  
Network Traffic ◽  
Monitoring Network

scholarly journals Mining Network Traffic with the k -Means Clustering Algorithm for Stepping-Stone Intrusion Detection

2021 ◽  
Vol 2021 ◽  
pp. 1-9
Author(s):  
Lixin Wang ◽  
Jianhua Yang ◽  
Xiaohua Xu ◽  
Peng-Jun Wan
Keyword(s):  
Intrusion Detection ◽  
Network Traffic ◽  
Efficient Algorithm ◽  
Clustering Algorithm ◽  
Detection Algorithm ◽  
Target System ◽  
The Internet ◽  
Stepping Stones ◽  
Network Attacks ◽  
Stepping Stone

Intruders on the Internet usually launch network attacks through compromised hosts, called stepping stones, in order to reduce the chance of being detected. With stepping-stone intrusions, an attacker uses tools such as SSH to log in several compromised hosts remotely and create an interactive connection chain and then sends attacking packets to a target system. An effective method to detect such an intrusion is to estimate the length of a connection chain. In this paper, we develop an efficient algorithm to detect stepping-stone intrusion by mining network traffic using the k -means clustering. Existing approaches for connection-chain-based stepping-stone intrusion detection either are not effective or require a large number of TCP packets to be captured and processed and, thus, are not efficient. Our proposed detection algorithm can accurately determine the length of a connection chain without requiring a large number of TCP packets being captured and processed, so it is more efficient. Our proposed detection algorithm is also easier to implement than all existing approaches for stepping-stone intrusion detection. The effectiveness, correctness, and efficiency of our proposed detection algorithm are verified through well-designed network experiments.

Sign in / Sign up

Export Citation Format

Share Document