Intelligent Network-Based Stepping Stone Detection Approach

This research introduces a new use of Artificial Intelligence (AI) approaches in the Stepping Stone Detection (SSD) field of research. Using the Self-Organizing Map (SOM) as the engine, the experiment shows that SOM is capable of detecting the number of connection chains involved in a stepping stone. Since counting the number of connection chains is one of the important steps of stepping stone detection and is the current research focus, this research has chosen SOM as its AI technique because of this capability. Through the experiment, it is shown that SOM can detect the number of involved connection chains in Network-based Stepping Stone Detection (NSSD).
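The abstract does not show how a SOM is applied to the counting problem, so the following is an added, self-contained illustration; it is not the paper's own code or method. It assumes (an assumption of this example, not a claim of the paper) that the input feature is the round-trip delay of echo packets on an interactive session, that traffic relayed through additional hosts shows additional delay levels, and that the number of delay levels the map separates is the quantity of interest. The RTT samples are constructed, the one-dimensional SOM is written from scratch so it runs offline, and the names `constructed_rtts`, `train_som`, `winning_neurons` and `estimate_delay_levels` are hypothetical.

```python
import math
import random

# Seeded generator so the constructed sample and the training order are
# reproducible; nothing here is captured traffic.
_rng = random.Random(7)


def constructed_rtts(levels_ms, per_level=40, jitter_ms=3.0):
    """Constructed RTT sample (ms): one cluster of readings per delay level."""
    rtts = []
    for centre in levels_ms:
        rtts.extend(centre + _rng.uniform(-jitter_ms, jitter_ms)
                    for _ in range(per_level))
    _rng.shuffle(rtts)
    return rtts


def train_som(samples, n_neurons=10, epochs=60,
              lr0=0.5, lr1=0.01, sigma0=3.0, sigma1=0.5):
    """Train a one-dimensional SOM on scalar samples; return neuron weights.

    Learning rate and Gaussian neighbourhood radius both decay
    exponentially from their initial to their final value over the epochs.
    """
    lo, hi = min(samples), max(samples)
    # Deterministic initialisation: neurons spread evenly over the data range.
    w = [lo + (hi - lo) * i / max(1, n_neurons - 1) for i in range(n_neurons)]
    order = list(samples)
    for ep in range(epochs):
        t = ep / max(1, epochs - 1)
        lr = lr0 * (lr1 / lr0) ** t
        sigma = sigma0 * (sigma1 / sigma0) ** t
        _rng.shuffle(order)
        for x in order:
            # Best-matching unit: the neuron whose weight is closest to x.
            bmu = min(range(n_neurons), key=lambda i: abs(w[i] - x))
            for i in range(n_neurons):
                # Neighbourhood strength falls off with index distance to the BMU.
                h = math.exp(-((i - bmu) ** 2) / (2.0 * sigma * sigma))
                w[i] += lr * h * (x - w[i])
    return w


def winning_neurons(weights, samples):
    """Sorted weights of neurons that are the best match for at least one sample."""
    hits = set()
    for x in samples:
        hits.add(min(range(len(weights)), key=lambda i: abs(weights[i] - x)))
    return sorted(weights[i] for i in hits)


def estimate_delay_levels(rtts, merge_gap_ms=20.0):
    """Count separated delay levels in the trained map.

    Winning neurons whose weights lie closer than merge_gap_ms are treated as
    the same level; a larger gap between consecutive winners starts a new one.
    Returns 0 for an empty sample.
    """
    if not rtts:
        return 0
    winners = winning_neurons(train_som(rtts), rtts)
    levels = 1
    for a, b in zip(winners, winners[1:]):
        if b - a > merge_gap_ms:
            levels += 1
    return levels


if __name__ == "__main__":
    sample = constructed_rtts([20.0, 80.0, 150.0])
    print("winning neuron weights:", [round(v, 1) for v in
                                      winning_neurons(train_som(sample), sample)])
    print("estimated delay levels:", estimate_delay_levels(sample))
```

The merge step matters in practice: a SOM with more neurons than levels leaves several winners inside each cluster and idle neurons in the gaps, so counting raw winners overestimates, while grouping winners by weight proximity recovers the number of separated levels. The gap threshold must be chosen against the jitter of the monitored link, since noise wider than the threshold splits one level in two.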