Robust Detection of Stepping-Stone Attacks

Abstract

The detection of encrypted stepping-stone attack is considered. Besides encryption and padding, the attacker is capable of inserting chaff packets and perturbing packet timing and transmission order. Based on the assumption that packet arrivals form renewal processes, and a pair of such renewal processes is also renewal, a nonparametric detector is proposed to detect attacking traffic by testing the correlation between interarrival times in the incoming process and the outgoing process. The detector requires no knowledge of the interarrival distributions, and it is shown to have exponentially decaying detection error probabilities for all distributions. The error exponents are characterized using the Vapnik-Chervonenkis Theory. An efficient algorithm is proposed based on the detector structure to detect renewal processes with linearly correlated interarrival times. It is shown that the proposed algorithm is robust against an amount of chaff arbitrarily close to the amount of chaff needed to mimic independent processes.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Nov 01, 2006
Accession Number
ADA481453

Entities

People

  • Lang Tong
  • Ting He

Organizations

  • Cornell University College of Engineering

Tags

Communities of Interest

  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Algorithms
  • Communication Channels
  • Computations
  • Detection
  • Detectors
  • Distribution Functions
  • Engineering
  • False Alarms
  • Information Operations
  • Intrusion Detection
  • Probability
  • Probability Distributions
  • Random Variables
  • Simulations
  • Statistics
  • Theorems
  • Warning Systems

Readers

  • Computer Networking
  • Cybersecurity.
  • Statistical inference.