The Experts below are selected from a list of 3666 Experts worldwide ranked by ideXlab platform
Jianhua Yang - One of the best experts on this subject based on the ideXlab platform.
-
Modeling and Detecting Stepping-Stone Intrusion
2009Co-Authors: Yongzhong Zhang, Jianhua YangAbstract:Summary Most network intruders launch their attacks through steppingstones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an Incoming Connection with an outgoing Connection to determine if a computer is used as stepping-stone. In this paper, we present four models to describe stepping-stone intrusion. We also propose the idea applying signal processing technology to stepping-stone intrusion detection. We present the preliminary results of applying correlation coefficients to detecting steppingstone intrusion. The contribution of this paper is that we are the first to apply correlation coefficient to stepping-stone detection, and more importantly, it does not have to monitor a session for a long time to conclude if there is a stepping-stone intrusion. Applying DFT and Z-transform to stepping-stone detection is under way.
-
AINA - Correlating TCP/IP Interactive Sessions with Correlation Coefficient to Detect Stepping-Stone Intrusion
2009 International Conference on Advanced Information Networking and Applications, 2009Co-Authors: Guoqing Zhao, Jianhua Yang, Gurdeep S. Hura, Shou-hsuan Stephen HuangAbstract:Most network intruders launch their attacks through stepping-stones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an Incoming Connection with outgoing Connections to determine if a computer is used as a stepping-stone. In this paper, we present a way by using signal processing technology-correlation coefficient, such as Spearman Rank, Kendall Tau Rank, and Pearson Product-Moment, to correlate two sessions to identify stepping-stone intrusions. The contribution of this paper is that we are the first one to apply correlation coefficient to stepping-stone intrusion detection, and more importantly, it is not necessary to monitor a session for a long time to conclude a stepping-stone intrusion. The experiment results showed that a step-ping-stone intrusion can be detected while an intruder input the username and password. Further work needs to be done to test if this approach could resist intruders' evasion.
-
Applying Signal Processing Technology to Stepping-Stone Intrusion Detection
2008 Second International Symposium on Intelligent Information Technology Application, 2008Co-Authors: Yongzhong Zhang, Chunming Ye, Jianhua YangAbstract:Most network intruders launch their attacks through stepping-stones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an Incoming Connection with an outgoing Connection to determine if a computer is used as stepping-stone. In this paper, we present four models to describe stepping-stone intrusion. We also propose the idea applying signal processing technology to stepping-stone intrusion detection. We present the preliminary results of applying correlation coefficients to detecting stepping-stone intrusion. The contribution of this paper is that we are the first to apply correlation coefficient to stepping-stone detection, and more importantly, it does not have to monitor a session for a long time to conclude if there is a stepping-stone intrusion. Applying DFT and Z-transform to stepping-stone detection is under way.
-
AINA Workshops - Monitoring Network Traffic to Detect Stepping-Stone Intrusion
22nd International Conference on Advanced Information Networking and Applications - Workshops (aina workshops 2008), 2008Co-Authors: Jianhua Yang, Byong Lee, Stephen HuangAbstract:Most network intruders tend to use stepping-stones to attack or to invade other hosts to reduce the risks of being discovered. There have been many approaches that were proposed to detect stepping-stone since 1995. One of those approaches proposed by A. Blum detects stepping-stone by checking if the difference between the number of the send packets of an Incoming Connection and the one of an outgoing Connection is bounded. One weakness of this method is in resisting intruders' evasion, such as chaff perturbation. In this paper, we propose a method based on random walk theory to detect stepping-stone intrusion. Our theoretical analysis shows that the proposed method is more effective than Blum's approach in terms of resisting intruders' chaff perturbation.
-
Matching TCP/IP Packets to Resist Stepping-Stone Intruders' Evasion
2008 40th Southeastern Symposium on System Theory (SSST), 2008Co-Authors: Jianhua Yang, Ran Zhang, D.y. SongAbstract:Most network intruders tend to use stepping-stones to attack or invade other hosts to reduce the risks of being discovered. There have been many approaches proposed to detect stepping-stone since 1995. Among them, the most popular one is the method proposed by Blum, which detects stepping-stone by checking whether the difference between the number of the send packets of an Incoming Connection and that of an outgoing Connection is bounded. One disadvantage of this method lies in the weakness in resisting to intruders' evasion, such as chaff perturbation. In this paper, we analyze the resistance of packet matching approach to intruders' evasion. The theoretical analysis shows that packet matching method is more effective than other approaches in terms of resistance to intruders' chaff perturbation and time jittering evasion.
Shou-hsuan Stephen Huang - One of the best experts on this subject based on the ideXlab platform.
-
AINA - Correlating TCP/IP Interactive Sessions with Correlation Coefficient to Detect Stepping-Stone Intrusion
2009 International Conference on Advanced Information Networking and Applications, 2009Co-Authors: Guoqing Zhao, Jianhua Yang, Gurdeep S. Hura, Shou-hsuan Stephen HuangAbstract:Most network intruders launch their attacks through stepping-stones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an Incoming Connection with outgoing Connections to determine if a computer is used as a stepping-stone. In this paper, we present a way by using signal processing technology-correlation coefficient, such as Spearman Rank, Kendall Tau Rank, and Pearson Product-Moment, to correlate two sessions to identify stepping-stone intrusions. The contribution of this paper is that we are the first one to apply correlation coefficient to stepping-stone intrusion detection, and more importantly, it is not necessary to monitor a session for a long time to conclude a stepping-stone intrusion. The experiment results showed that a step-ping-stone intrusion can be detected while an intruder input the username and password. Further work needs to be done to test if this approach could resist intruders' evasion.
Guoqing Zhao - One of the best experts on this subject based on the ideXlab platform.
-
AINA - Correlating TCP/IP Interactive Sessions with Correlation Coefficient to Detect Stepping-Stone Intrusion
2009 International Conference on Advanced Information Networking and Applications, 2009Co-Authors: Guoqing Zhao, Jianhua Yang, Gurdeep S. Hura, Shou-hsuan Stephen HuangAbstract:Most network intruders launch their attacks through stepping-stones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an Incoming Connection with outgoing Connections to determine if a computer is used as a stepping-stone. In this paper, we present a way by using signal processing technology-correlation coefficient, such as Spearman Rank, Kendall Tau Rank, and Pearson Product-Moment, to correlate two sessions to identify stepping-stone intrusions. The contribution of this paper is that we are the first one to apply correlation coefficient to stepping-stone intrusion detection, and more importantly, it is not necessary to monitor a session for a long time to conclude a stepping-stone intrusion. The experiment results showed that a step-ping-stone intrusion can be detected while an intruder input the username and password. Further work needs to be done to test if this approach could resist intruders' evasion.
Andrea Visconti - One of the best experts on this subject based on the ideXlab platform.
-
WIRN/NAIS - Profiling network attacks via AIS
Neural Nets, 2006Co-Authors: Anastasia Pagnoni, Andrea ViscontiAbstract:The paper extends the intrusion detection methodology proposed by Tarakanov et al. in [8] to k-dimensional shape spaces, for k greater or equal 2. k real vectors, representing antibodies, are used to recognize malicious (or, non-self) Connection logs. We suggest a method for recognizing antigens (generating such antibodies) via Singular Value Decomposition of a real-valued matrix obtained by preprocessing a database of Connection logs [9]. New Incoming Connection requests are recognized by the antibodies as either self (normal request), or non-self (potential attack), by (a) mapping them into a k-dimensional shape space, and (b) evaluating the minimum Hamming distance between their image and that of a known attack logs. It is easy to see that using a shape space of dimension greater than 2 significantly reduces false positives.
-
Profiling network attacks via AIS
Lecture Notes in Computer Science, 2006Co-Authors: Anastasia Pagnoni, Andrea ViscontiAbstract:The paper extends the intrusion detection methodology proposed by Tarakanov et al. in [8] to k-dimensional shape spaces, for k greater or equal 2. k real vectors, representing antibodies, are used to recognize malicious (or, non-self) Connection logs. We suggest a method for recognizing antigens (generating such antibodies) via Singular Value Decomposition of a real-valued matrix obtained by preprocessing a database of Connection logs [9]. New Incoming Connection requests are recognized by the antibodies as either self (normal request), or non-self (potential attack), by (a) mapping them into a k-dimensional shape space, and (b) evaluating the minimum Hamming distance between their image and that of a known attack logs. It is easy to see that using a shape space of dimension greater than 2 significantly reduces false positives.
Gurdeep S. Hura - One of the best experts on this subject based on the ideXlab platform.
-
AINA - Correlating TCP/IP Interactive Sessions with Correlation Coefficient to Detect Stepping-Stone Intrusion
2009 International Conference on Advanced Information Networking and Applications, 2009Co-Authors: Guoqing Zhao, Jianhua Yang, Gurdeep S. Hura, Shou-hsuan Stephen HuangAbstract:Most network intruders launch their attacks through stepping-stones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an Incoming Connection with outgoing Connections to determine if a computer is used as a stepping-stone. In this paper, we present a way by using signal processing technology-correlation coefficient, such as Spearman Rank, Kendall Tau Rank, and Pearson Product-Moment, to correlate two sessions to identify stepping-stone intrusions. The contribution of this paper is that we are the first one to apply correlation coefficient to stepping-stone intrusion detection, and more importantly, it is not necessary to monitor a session for a long time to conclude a stepping-stone intrusion. The experiment results showed that a step-ping-stone intrusion can be detected while an intruder input the username and password. Further work needs to be done to test if this approach could resist intruders' evasion.