Detecting stepping stones by abnormal causality probability
Article
Article Title | Detecting stepping stones by abnormal causality probability |
---|---|
ERA Journal ID | 39741 |
Article Category | Article |
Authors | Wen, Sheng, Wu, Di, Li, Ping, Xiang, Yang, Zhou, Wanlei and Wei, Guiyi |
Journal Title | Security and Communication Networks |
Journal Citation | 8 (10), pp. 1831-1844 |
Number of Pages | 14 |
Year | 2015 |
Publisher | Hindawi Publishing Corporation; John Wiley & Sons |
Place of Publication | United States |
ISSN | 1939-0114; 1939-0122 |
Digital Object Identifier (DOI) | https://doi.org/10.1002/sec.1037 |
Web Address (URL) | https://onlinelibrary.wiley.com/doi/full/10.1002/sec.1037 |
Abstract | Locating the real source of the Internet attacks has long been an important but difficult problem to be addressed. In the real world, attackers can easily hide their identities and evade punishment by relaying their attacks through a series of compromised systems or devices called stepping stones. Currently, researchers mainly use similar features from the network traffic, such as packet timestamps and frequencies, to detect stepping stones. However, these features can be easily destroyed by attackers using evasive techniques. In addition, it is also difficult to implement an appropriate threshold of similarity that can help justify the stepping stones. In order to counter these problems, in this paper, we introduce the consistent causality probability to detect the stepping stones. We formulate the ranges of abnormal causality probabilities according to the different network conditions, and on the basis of it, we further implement two self-adaptive methods to capture stepping stones. To evaluate our proposed detection methods, we adopt theoretic analysis and empirical studies, which demonstrate accuracy of the abnormal causality probability. Moreover, we compare our proposed methods with previous works. The result shows that our methods in this paper significantly outperform previous works in the accuracy of detecting malicious stepping stones, even when evasive techniques are adopted by attackers. |
Keywords | intrusion detection; causality probability; stepping stones |
ANZSRC Field of Research 2020 | 4604. Cybersecurity and privacy |
Public Notes | Files associated with this item cannot be displayed due to copyright restrictions. |
Byline Affiliations | Deakin University; Zhejiang Gongshang University, China |
https://research.usq.edu.au/item/z4y27/detecting-stepping-stones-by-abnormal-causality-probability