Finding TCP Packet Round-Trip Time for Intrusion Detection: Algorithm and Analysis

Author: Byong G. Lee, Jianhua Yang, Yongzhong Zhang
Year of publication: 2006
Subject:
Source: Cryptology and Network Security ISBN: 9783540494621
CANS
DOI: 10.1007/11935070_21
Description: Most network intruders launch their attacks through stepping-stones to reduce the risk of being discovered. To uncover such intrusions, one prevalent, challenging, and critical approach is to detect a long interactive connection chain. TCP packet round-trip time (RTT) can be used to estimate the length of a connection chain. In this paper, we propose a Standard Deviation-Based Clustering (SDC) algorithm to find RTTs. SDC takes advantage of the fact that the distribution of RTTs is concentrated in a small range. It outperforms other approaches in terms of packet matching rate and matching accuracy. We derive an upper bound on the probability of making an incorrect selection of RTT through SDC. This paper includes experimental results comparing SDC with other algorithms and discusses its restrictions as well.
Database: OpenAIRE