Matching connection pairs

Hyung Woo Kang, Soon Jwa Hong, Dong Hoon Lee

Research output: Contribution to journalConference article

4 Citations (Scopus)

Abstract

When an intruder launches attack not from their own computer but from intermediate hosts that they previously compromised, these intermediate hosts are called stepping-stones. In this paper, we describe an algorithm to be able to detect stepping-stones in detoured attacks. Our aim is to develop an algorithm that can trace an origin system which attacks a victim system via stepping-stones. There are two kinds of traceback technologies: IP packet traceback and connection traceback. We focused on connection traceback in this paper and proposed a new intruder tracing algorithm to distinguish between an origin system of attack and stepping-stones using process structures of operating systems.

Original languageEnglish
Pages (from-to)642-649
Number of pages8
JournalLecture Notes in Computer Science
Volume3320
Publication statusPublished - 2004
Event5th International Conference, PDCAT 2004 - , Singapore
Duration: 2004 Dec 82004 Dec 10

Keywords

  • Backdoor
  • Connection pairs
  • Detoured attack
  • Stepping stone
  • Traceback

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Matching connection pairs'. Together they form a unique fingerprint.

  • Cite this

    Kang, H. W., Hong, S. J., & Lee, D. H. (2004). Matching connection pairs. Lecture Notes in Computer Science, 3320, 642-649.