Associate Professor, TSYS School of Computer Science, Columbus State University, Columbus, Georgia, USA
*Corresponding Author: Lixin Wang, TSYS School of Computer Science, Columbus State University, Columbus, Georgia, USA.
Received: July 24, 2021; Published: August 01, 2021
Hackers on the Internet usually send attacking packets using compromised hosts, called stepping-stones, in order to avoid being detected. With stepping-stone attacks, an attacker remotely logins to a chain of such stepping-stone hosts using programs like SSH or telnet, and then sends the attacking commands to a target host. A great number of detection approaches have been developed for stepping-stone intrusion (SSI) in the last two decades [1-11]. Most of these existing detection methods for SSI only worked effectively when session manipulation by intruders are not present.
By far, the two most popular session manipulation techniques used by intruders for evasion are time-jittering and chaff-perturbation. Time-jittering is a technique that attacker could hold a packet for a while and then release it for transmission. The goal of employing the time-jittering technique is to modify the gap between the TCP/IP packets’ timestamps in a connection in order to avoid being detected by all the existing time-based detection methods for SSI.
Citation: Lixin Wang. “The Next-Generation Stepping-Stone Intrusion Detection Systems". Acta Scientific Computer Sciences 3.9 (2021): 01.
Copyright: © 2021 Lixin Wang. This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.