Incoming Connection

14,000,000 Leading Edge Experts on the ideXlab platform

Scan Science and Technology

Contact Leading Edge Experts & Companies

Scan Science and Technology

Contact Leading Edge Experts & Companies

The Experts below are selected from a list of 3666 Experts worldwide ranked by ideXlab platform

Jianhua Yang - One of the best experts on this subject based on the ideXlab platform.

  • Modeling and Detecting Stepping-Stone Intrusion
    2009
    Co-Authors: Yongzhong Zhang, Jianhua Yang
    Abstract:

    Summary Most network intruders launch their attacks through steppingstones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an Incoming Connection with an outgoing Connection to determine if a computer is used as stepping-stone. In this paper, we present four models to describe stepping-stone intrusion. We also propose the idea applying signal processing technology to stepping-stone intrusion detection. We present the preliminary results of applying correlation coefficients to detecting steppingstone intrusion. The contribution of this paper is that we are the first to apply correlation coefficient to stepping-stone detection, and more importantly, it does not have to monitor a session for a long time to conclude if there is a stepping-stone intrusion. Applying DFT and Z-transform to stepping-stone detection is under way.

  • AINA - Correlating TCP/IP Interactive Sessions with Correlation Coefficient to Detect Stepping-Stone Intrusion
    2009 International Conference on Advanced Information Networking and Applications, 2009
    Co-Authors: Guoqing Zhao, Jianhua Yang, Gurdeep S. Hura, Shou-hsuan Stephen Huang
    Abstract:

    Most network intruders launch their attacks through stepping-stones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an Incoming Connection with outgoing Connections to determine if a computer is used as a stepping-stone. In this paper, we present a way by using signal processing technology-correlation coefficient, such as Spearman Rank, Kendall Tau Rank, and Pearson Product-Moment, to correlate two sessions to identify stepping-stone intrusions. The contribution of this paper is that we are the first one to apply correlation coefficient to stepping-stone intrusion detection, and more importantly, it is not necessary to monitor a session for a long time to conclude a stepping-stone intrusion. The experiment results showed that a step-ping-stone intrusion can be detected while an intruder input the username and password. Further work needs to be done to test if this approach could resist intruders' evasion.

  • Applying Signal Processing Technology to Stepping-Stone Intrusion Detection
    2008 Second International Symposium on Intelligent Information Technology Application, 2008
    Co-Authors: Yongzhong Zhang, Chunming Ye, Jianhua Yang
    Abstract:

    Most network intruders launch their attacks through stepping-stones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an Incoming Connection with an outgoing Connection to determine if a computer is used as stepping-stone. In this paper, we present four models to describe stepping-stone intrusion. We also propose the idea applying signal processing technology to stepping-stone intrusion detection. We present the preliminary results of applying correlation coefficients to detecting stepping-stone intrusion. The contribution of this paper is that we are the first to apply correlation coefficient to stepping-stone detection, and more importantly, it does not have to monitor a session for a long time to conclude if there is a stepping-stone intrusion. Applying DFT and Z-transform to stepping-stone detection is under way.

  • AINA Workshops - Monitoring Network Traffic to Detect Stepping-Stone Intrusion
    22nd International Conference on Advanced Information Networking and Applications - Workshops (aina workshops 2008), 2008
    Co-Authors: Jianhua Yang, Byong Lee, Stephen Huang
    Abstract:

    Most network intruders tend to use stepping-stones to attack or to invade other hosts to reduce the risks of being discovered. There have been many approaches that were proposed to detect stepping-stone since 1995. One of those approaches proposed by A. Blum detects stepping-stone by checking if the difference between the number of the send packets of an Incoming Connection and the one of an outgoing Connection is bounded. One weakness of this method is in resisting intruders' evasion, such as chaff perturbation. In this paper, we propose a method based on random walk theory to detect stepping-stone intrusion. Our theoretical analysis shows that the proposed method is more effective than Blum's approach in terms of resisting intruders' chaff perturbation.

  • Matching TCP/IP Packets to Resist Stepping-Stone Intruders' Evasion
    2008 40th Southeastern Symposium on System Theory (SSST), 2008
    Co-Authors: Jianhua Yang, Ran Zhang, D.y. Song
    Abstract:

    Most network intruders tend to use stepping-stones to attack or invade other hosts to reduce the risks of being discovered. There have been many approaches proposed to detect stepping-stone since 1995. Among them, the most popular one is the method proposed by Blum, which detects stepping-stone by checking whether the difference between the number of the send packets of an Incoming Connection and that of an outgoing Connection is bounded. One disadvantage of this method lies in the weakness in resisting to intruders' evasion, such as chaff perturbation. In this paper, we analyze the resistance of packet matching approach to intruders' evasion. The theoretical analysis shows that packet matching method is more effective than other approaches in terms of resistance to intruders' chaff perturbation and time jittering evasion.

Shou-hsuan Stephen Huang - One of the best experts on this subject based on the ideXlab platform.

  • AINA - Correlating TCP/IP Interactive Sessions with Correlation Coefficient to Detect Stepping-Stone Intrusion
    2009 International Conference on Advanced Information Networking and Applications, 2009
    Co-Authors: Guoqing Zhao, Jianhua Yang, Gurdeep S. Hura, Shou-hsuan Stephen Huang
    Abstract:

    Most network intruders launch their attacks through stepping-stones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an Incoming Connection with outgoing Connections to determine if a computer is used as a stepping-stone. In this paper, we present a way by using signal processing technology-correlation coefficient, such as Spearman Rank, Kendall Tau Rank, and Pearson Product-Moment, to correlate two sessions to identify stepping-stone intrusions. The contribution of this paper is that we are the first one to apply correlation coefficient to stepping-stone intrusion detection, and more importantly, it is not necessary to monitor a session for a long time to conclude a stepping-stone intrusion. The experiment results showed that a step-ping-stone intrusion can be detected while an intruder input the username and password. Further work needs to be done to test if this approach could resist intruders' evasion.

Guoqing Zhao - One of the best experts on this subject based on the ideXlab platform.

  • AINA - Correlating TCP/IP Interactive Sessions with Correlation Coefficient to Detect Stepping-Stone Intrusion
    2009 International Conference on Advanced Information Networking and Applications, 2009
    Co-Authors: Guoqing Zhao, Jianhua Yang, Gurdeep S. Hura, Shou-hsuan Stephen Huang
    Abstract:

    Most network intruders launch their attacks through stepping-stones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an Incoming Connection with outgoing Connections to determine if a computer is used as a stepping-stone. In this paper, we present a way by using signal processing technology-correlation coefficient, such as Spearman Rank, Kendall Tau Rank, and Pearson Product-Moment, to correlate two sessions to identify stepping-stone intrusions. The contribution of this paper is that we are the first one to apply correlation coefficient to stepping-stone intrusion detection, and more importantly, it is not necessary to monitor a session for a long time to conclude a stepping-stone intrusion. The experiment results showed that a step-ping-stone intrusion can be detected while an intruder input the username and password. Further work needs to be done to test if this approach could resist intruders' evasion.

Andrea Visconti - One of the best experts on this subject based on the ideXlab platform.

  • WIRN/NAIS - Profiling network attacks via AIS
    Neural Nets, 2006
    Co-Authors: Anastasia Pagnoni, Andrea Visconti
    Abstract:

    The paper extends the intrusion detection methodology proposed by Tarakanov et al. in [8] to k-dimensional shape spaces, for k greater or equal 2. k real vectors, representing antibodies, are used to recognize malicious (or, non-self) Connection logs. We suggest a method for recognizing antigens (generating such antibodies) via Singular Value Decomposition of a real-valued matrix obtained by preprocessing a database of Connection logs [9]. New Incoming Connection requests are recognized by the antibodies as either self (normal request), or non-self (potential attack), by (a) mapping them into a k-dimensional shape space, and (b) evaluating the minimum Hamming distance between their image and that of a known attack logs. It is easy to see that using a shape space of dimension greater than 2 significantly reduces false positives.

  • Profiling network attacks via AIS
    Lecture Notes in Computer Science, 2006
    Co-Authors: Anastasia Pagnoni, Andrea Visconti
    Abstract:

    The paper extends the intrusion detection methodology proposed by Tarakanov et al. in [8] to k-dimensional shape spaces, for k greater or equal 2. k real vectors, representing antibodies, are used to recognize malicious (or, non-self) Connection logs. We suggest a method for recognizing antigens (generating such antibodies) via Singular Value Decomposition of a real-valued matrix obtained by preprocessing a database of Connection logs [9]. New Incoming Connection requests are recognized by the antibodies as either self (normal request), or non-self (potential attack), by (a) mapping them into a k-dimensional shape space, and (b) evaluating the minimum Hamming distance between their image and that of a known attack logs. It is easy to see that using a shape space of dimension greater than 2 significantly reduces false positives.

Gurdeep S. Hura - One of the best experts on this subject based on the ideXlab platform.

  • AINA - Correlating TCP/IP Interactive Sessions with Correlation Coefficient to Detect Stepping-Stone Intrusion
    2009 International Conference on Advanced Information Networking and Applications, 2009
    Co-Authors: Guoqing Zhao, Jianhua Yang, Gurdeep S. Hura, Shou-hsuan Stephen Huang
    Abstract:

    Most network intruders launch their attacks through stepping-stones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an Incoming Connection with outgoing Connections to determine if a computer is used as a stepping-stone. In this paper, we present a way by using signal processing technology-correlation coefficient, such as Spearman Rank, Kendall Tau Rank, and Pearson Product-Moment, to correlate two sessions to identify stepping-stone intrusions. The contribution of this paper is that we are the first one to apply correlation coefficient to stepping-stone intrusion detection, and more importantly, it is not necessary to monitor a session for a long time to conclude a stepping-stone intrusion. The experiment results showed that a step-ping-stone intrusion can be detected while an intruder input the username and password. Further work needs to be done to test if this approach could resist intruders' evasion.

Incoming Connection - 15 days free trial to Access Experts & Abstracts