"Identify Encrypted Packets to Detect Stepping-Stone Intrusion" by Jianhua Yang, Lixin Wang et al.
 

Document Type

Conference Proceeding

Publication Date

1-1-2021

Publication Title

Lecture Notes in Networks and Systems

Volume

226 LNNS

First Page

536

Last Page

547

DOI

10.1007/978-3-030-75075-6_43

Abstract

Most attackers exploit stepping-stones to launch their attacks to avoid being captured. An encrypted TCP session established by attackers using SSH makes stepping-stone intrusion detection harder than non-encrypted sessions. Even though the contents of an encrypted packet are not readable, its header fields in different layers are not encrypted. In this paper, we propose a novel algorithm to detect stepping-stone intrusion based on IP address, port number, TCP packet flags, and the length of an encrypted packet. A preliminary experimental result in a local area network shows that the proposed algorithm can not only detect stepping-stone intrusion, but also resist intruders’ session manipulation.
