Santos’: An Algorithm for Detecting Stepping-stone Attacks

  • Amanda S. Santos UFCG
  • Marcus A.R Tenorio UFCG
  • Adriano A. Santos UFCG
  • Andrey Brito UFCG

Abstract


Currently, detection of incidents related to cyber threats is considered a challenging task. The increasing number of threats on the network makes information security a significant topic of discussion in the security community, motivating studies that propose or implement solutions for the privacy and protection of network users. Among the methods used to carry out attacks, the stepping-stones method stands out because it is an intrusion technique that allows the intruders to remain anonymous and that uses a chain of intermediate machines interconnected through remote connections. In this research, an algorithm for detecting and classifying stepping-stone intrusions is proposed to classify remote connections as coming from intruders or from legitimate users. The experiments were carried out in three stages: the first defined a classification profile for the connections; the second applied the algorithm to an international database; and the third validated it with actual attacks. The results indicated statistical significance for the profile classification (97.5% accuracy), for the verification of the algorithm as an attack detection method (100% accuracy), and for validation in a real environment (95% accuracy).

Published
2017-11-06
SANTOS, Amanda S.; TENORIO, Marcus A.R; SANTOS, Adriano A.; BRITO, Andrey. Santos’: Algoritmo para Detecção de Ataques do Tipo Stepping-stones. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 17., 2017, Brasília. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2017. p. 236-249. DOI: https://doi.org/10.5753/sbseg.2017.19503.
