Matching connection pairs

Hyung Woo Kang, Soon Jwa Hong, Dong Hoon Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)


When an intruder launches an attack not from their own computer but from intermediate hosts that they previously compromised, these intermediate hosts are called stepping-stones. In this paper, we describe an algorithm that can detect stepping-stones in detoured attacks. Our aim is to develop an algorithm that can trace the origin system that attacks a victim system via stepping-stones. There are two kinds of traceback technologies: IP packet traceback and connection traceback. We focus on connection traceback in this paper and propose a new intruder tracing algorithm that distinguishes between the origin system of an attack and stepping-stones using the process structures of operating systems.

Original language: English
Title of host publication: Lecture Notes in Computer Science
Editors: K.-M. Liew, H. Shen, S. See, W. Cai, P. Fan, S. Horiguchi
Number of pages: 8
Publication status: Published - 2004
Event: 5th International Conference, PDCAT 2004 - Singapore
Duration: 2004 Dec 8 to 2004 Dec 10


Other: 5th International Conference, PDCAT 2004


  • Backdoor
  • Connection pairs
  • Detoured attack
  • Stepping stone
  • Traceback

ASJC Scopus subject areas

  • Computer Science (miscellaneous)

Cite this

Kang, H. W., Hong, S. J., & Lee, D. H. (2004). Matching connection pairs. In K-M. Liew, H. Shen, S. See, W. Cai, P. Fan, & S. Horiguchi (Eds.), Lecture Notes in Computer Science (Vol. 3320, pp. 642-649)