Abstract
When an intruder launches an attack not from their own computer but from intermediate hosts that they previously compromised, these intermediate hosts are called stepping-stones. In this paper, we describe an algorithm to detect stepping-stones in detoured attacks. Our aim is to develop an algorithm that can trace the origin system that attacks a victim system via stepping-stones. There are two kinds of traceback technologies: IP packet traceback and connection traceback. We focused on connection traceback in this paper and proposed a new intruder tracing algorithm that distinguishes between the origin system of an attack and stepping-stones using the process structures of operating systems.
Original language | English |
---|---|
Pages (from-to) | 642-649 |
Number of pages | 8 |
Journal | Lecture Notes in Computer Science |
Volume | 3320 |
Publication status | Published - 2004 |
Event | 5th International Conference, PDCAT 2004, Singapore. Duration: 2004 Dec 8 → 2004 Dec 10 |
Keywords
- Backdoor
- Connection pairs
- Detoured attack
- Stepping stone
- Traceback
ASJC Scopus subject areas
- Theoretical Computer Science
- Computer Science (all)