Matching connection pairs

Hyung Woo Kang, Soon Jwa Hong, Dong Hoon Lee

Research output: Contribution to journalConference articlepeer-review

4 Citations (Scopus)


When an intruder launches attack not from their own computer but from intermediate hosts that they previously compromised, these intermediate hosts are called stepping-stones. In this paper, we describe an algorithm to be able to detect stepping-stones in detoured attacks. Our aim is to develop an algorithm that can trace an origin system which attacks a victim system via stepping-stones. There are two kinds of traceback technologies: IP packet traceback and connection traceback. We focused on connection traceback in this paper and proposed a new intruder tracing algorithm to distinguish between an origin system of attack and stepping-stones using process structures of operating systems.

Original languageEnglish
Pages (from-to)642-649
Number of pages8
JournalLecture Notes in Computer Science
Publication statusPublished - 2004
Event5th International Conference, PDCAT 2004 - , Singapore
Duration: 2004 Dec 82004 Dec 10


  • Backdoor
  • Connection pairs
  • Detoured attack
  • Stepping stone
  • Traceback

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Matching connection pairs'. Together they form a unique fingerprint.

Cite this