A Study of Detecting Hiding Stepping-Stone Using Network Traffic Association Mining Approach
| Autor: | Wei-Cheng Fan, 范瑋宬 |
|---|---|
| Rok vydání: | 2011 |
| Druh dokumentu: | 學位論文 ; thesis |
| Popis: | 99 With the advanced growth and prevalence of the Internet, it has become essential in people’s daily life. However, the convenience of the Internet brought threats that were unable to see in the past. One of the most serious threats is the Internet attack. The attackers intrude users’ computer and modify their data so as to reach certain goal or to obtain certain information. Further, avoiding to be detected, the attackers use a so called “Stepping Stone” to launch the Internet attack. The Stepping Stone are the computers that were intruded and configured in advance for the convenience of launching attacks. Moreover, the network protocols used between attackers and Stepping Stones are similar to the ones used between normal users. This would be an obstacle for network managers to uncover the Stepping Stone and lead to huge disasters. Therefore, detecting hidden Stepping Stone in local LAN has become an important issue to investigate. In this research, based on Association Rule Mining, we proposed a detection mechanism to analyze the network traffic data and uncover the potential Stepping Stones in the network environment. We also built up a detection system on the campus of National University of Kaohsiung, conducted empirical validation for evaluating our proposed system. The results show that our proposed mechanism is effective and has 83% accuracy in uncovering hidden Stepping Stones. We believe this research can be an important reference for the future studies that investigate the issue of Stepping Stone. |
| Databáze: | Networked Digital Library of Theses & Dissertations |
| Externí odkaz: |
|