Share Email Print
cover

Proceedings Paper

Scalable wavelet-based active network detection of stepping stones
Author(s): Joseph I. Gilbert; David J. Robinson; Jonathan W. Butts; Timothy H. Lacey
Format Member Price Non-Member Price
PDF $14.40 $18.00

Paper Abstract

Network intrusions leverage vulnerable hosts as stepping stones to penetrate deeper into a network and mask malicious actions from detection. Identifying stepping stones presents a significant challenge because network sessions appear as legitimate traffic. This research focuses on a novel active watermark technique using discrete wavelet transformations to mark and detect interactive network sessions. This technique is scalable, resilient to network noise, and difficult for attackers to discern that it is in use. Previously captured timestamps from the CAIDA 2009 dataset are sent using live stepping stones in the Amazon Elastic Compute Cloud service. The client system sends watermarked and unmarked packets from California to Virginia using stepping stones in Tokyo, Ireland and Oregon. Five trials are conducted in which the system sends simultaneous watermarked samples and unmarked samples to each target. The live experiment results demonstrate approximately 5% False Positive and 5% False Negative detection rates. Additionally, watermark extraction rates of approximately 92% are identified for a single stepping stone. The live experiment results demonstrate the effectiveness of discerning watermark traffic as applied to identifying stepping stones.

Paper Details

Date Published: 8 May 2012
PDF: 13 pages
Proc. SPIE 8408, Cyber Sensing 2012, 84080I (8 May 2012); doi: 10.1117/12.919571
Show Author Affiliations
Joseph I. Gilbert, Air Force Institute of Technology (United States)
David J. Robinson, Air Force Institute of Technology (United States)
Jonathan W. Butts, Air Force Institute of Technology (United States)
Timothy H. Lacey, Air Force Institute of Technology (United States)


Published in SPIE Proceedings Vol. 8408:
Cyber Sensing 2012
Igor V. Ternovskiy; Peter Chin, Editor(s)

© SPIE. Terms of Use
Back to Top