Robust Correlation of Encrypted Attack Traffic through Stepping Stones by Manipulation of Interpacket Delays

Robust Correlation of Encrypted Attack Traffic through Stepping Stones by Manipulation of Interpacket Delays (2003)

Cached

Download Links

[ise.gmu.edu]

Other Repositories/Bibliography

DBLP

by Xinyuan Wang , Douglas S. Reeves

Venue:	In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS 2003
Citations:	56 - 6 self

BibTeX

@INPROCEEDINGS{Wang03robustcorrelation,
    author = {Xinyuan Wang and Douglas S. Reeves},
    title = {Robust Correlation of Encrypted Attack Traffic through Stepping Stones by Manipulation of Interpacket Delays},
    booktitle = {In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS 2003},
    year = {2003},
    pages = {20--29},
    publisher = {ACM}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

Abstract — Network based intruders seldom attack their victims directly from their own computer. Often, they stage their attacks through intermediate “stepping stones ” in order to conceal their identity and origin. To identify the source of the attack behind the stepping stone(s), it is necessary to correlate the incoming and outgoing flows or connections of a stepping stone. To resist attempts at correlation, the attacker may encrypt or otherwise manipulate the connection traffic. Timing based correlation approaches have been shown to be quite effective in correlating encrypted connections. However, timing based correlation approaches are subject to timing perturbations that may be deliberately introduced by the attacker at stepping stones. In this paper we propose a novel watermark-based correlation scheme that is designed specifically to be robust against timing

Citations

6517	Elements of information theory - Cover, Thomas - 1991
4407	The Mathematical Theory of Communication - Shannon, Weaver - 1949
462	Network support for IP traceback - Savage, Wetherall, et al. - 2001
419	Probability and Statistics - DeGroot, Schervish
186	Information-theoretic analysis of information hiding - Moulin, O’Sullivan - 2003
183	Proof of a fundamental result in self-similar traffic modeling - Taqqu, Willinger, et al. - 1997
133	Hash-based IP traceback - Snoeren, Partridge, et al. - 2001
129	Detecting Stepping Stones - Zhang, Paxson - 2000
95	Holding intruders accountable on the internet - Staniford-Chen, Heberlein - 1995
73	Tcplib: A library of TCP Internetwork traffic characteristics - Danzig, Jamin - 1991
61	Efficient Packet Marking for Large-Scale IP Traceback - Goodrich - 2002
59	Detection of interactive stepping stones: Algorithms and confidence bounds - Blum, Song, et al. - 2004
56	The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage - Stoll - 1989
51	Finding a Connection Chain for Tracing Intruders - Yoda, Etoh - 2000
31	Sleepy watermark tracing: an active network-based intrusion response framework - Wang, Reeves, et al.
24	Inter-packet delay based correlation for tracing encrypted connections through stepping stones - Wang, Reeves, et al.
19	Network flow watermarking attack on low-latency anonymous communication systems - Wang, Chen, et al. - 2007
17	On the secrecy of timing-based active watermarking trace-back techniques - Peng, Ning, et al. - 2006
10	Detecting encrypted stepping-stone connections - He, Tong - 2007
10	Detection of stepping stone attacks under delay and chaff perturbations - Zhang, Persaud, et al. - 2006
9	et al. Caller Identification System in the Internet Environment - Jung - 1993
8	Tracing traffic through intermediate hosts that repacketize flows - Pyun, Park, et al. - 2007
7	Generator of Self-Similar Network Traffic. URL. http://wwwcsif.cs.ucdavis.edu/ kramer/code/ trf gen2.html - Kramer
6	Active Timing-Based Correlation of Perturbed Traffic Flows with Chaff Packets - Peng, Ning, et al. - 2005
3	Large Scale IP Traceback in High-Speed Internet: Practical Techniques and Theoretical Foundation - Li, Sung, et al. - 2004
2	Information-Hiding Games - Moulin - 2003
2	Strategic Deployment of Network Monitors for Attack Attribution - Pyun, Reeves - 2007
1	Steganographic Communication in Ordered Channels - Chakinala, Kumarasubramanian, et al. - 2006
1	An Empirical Workload Model for Driving Wide-Aea TCP/IP Network Simulations - Danzig, Jamin, et al. - 1992