Title
Identify Encrypted Packets to Detect Stepping-Stone Intrusion
Document Type
Conference Proceeding
Publication Date
1-1-2021
Publication Title
Lecture Notes in Networks and Systems
Volume
226 LNNS
First Page
536
Last Page
547
DOI
10.1007/978-3-030-75075-6_43
Abstract
Most attackers exploit stepping-stones to launch their attacks to avoid being captured. An encrypted TCP session established by attackers using ssh makes stepping-stone intrusion detection harder than with non-encrypted sessions. Even though the contents of an encrypted packet are not readable, its header fields in different layers are not encrypted. In this paper, we propose a novel algorithm to detect stepping-stone intrusion based on IP address, port number, TCP packet flags, and the length of an encrypted packet. A preliminary experimental result in a local area network shows that the proposed algorithm can not only detect stepping-stone intrusion, but also resist intruders’ session manipulation.
Recommended Citation
Yang, Jianhua; Wang, Lixin; Shakya, Suhev; and Workman, Michael, "Identify Encrypted Packets to Detect Stepping-Stone Intrusion" (2021). Faculty Bibliography. 3292.
https://csuepress.columbusstate.edu/bibliography_faculty/3292