{"title":"利用关联规则挖掘检测踏脚石连接","authors":"Ying-Wei Kuo, S. S. Huang","doi":"10.1109/ARES.2009.101","DOIUrl":null,"url":null,"abstract":"A main concern for network intrusion detection systems is the ability of an intruder to evade the detection by routing through a chain of intermediate stepping-stone hosts. The intruders have developed some evasion techniques such as injecting chaff packets or timing jitter. Such evasion techniques cause most of the previous timing-based detection algorithms to fail. In this paper, we address these issues and devise a methodology to defeat these counter measures. Our algorithm uses modified association rule mining to detect stepping-stones. It is based on finding as many matched pairs of packets as possible within the fixed length intervals and then decide whether it is a stepping-stone connection by the matched rate. This algorithm allows checking multiple connections at once and therefore greatly increasing the efficiency compared to others. We examine the selected parameters and provide different trade-offs among false rates. Our experiments report a very good performance with very high detection rate and low false detection rate when using carefully selected parameter values.","PeriodicalId":169468,"journal":{"name":"2009 International Conference on Availability, Reliability and Security","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Detecting Stepping-Stone Connection Using Association Rule Mining\",\"authors\":\"Ying-Wei Kuo, S. S. Huang\",\"doi\":\"10.1109/ARES.2009.101\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A main concern for network intrusion detection systems is the ability of an intruder to evade the detection by routing through a chain of intermediate stepping-stone hosts. The intruders have developed some evasion techniques such as injecting chaff packets or timing jitter. Such evasion techniques cause most of the previous timing-based detection algorithms to fail. In this paper, we address these issues and devise a methodology to defeat these counter measures. Our algorithm uses modified association rule mining to detect stepping-stones. It is based on finding as many matched pairs of packets as possible within the fixed length intervals and then decide whether it is a stepping-stone connection by the matched rate. This algorithm allows checking multiple connections at once and therefore greatly increasing the efficiency compared to others. We examine the selected parameters and provide different trade-offs among false rates. Our experiments report a very good performance with very high detection rate and low false detection rate when using carefully selected parameter values.\",\"PeriodicalId\":169468,\"journal\":{\"name\":\"2009 International Conference on Availability, Reliability and Security\",\"volume\":\"7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-03-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2009.101\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2009.101","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Detecting Stepping-Stone Connection Using Association Rule Mining
A main concern for network intrusion detection systems is the ability of an intruder to evade the detection by routing through a chain of intermediate stepping-stone hosts. The intruders have developed some evasion techniques such as injecting chaff packets or timing jitter. Such evasion techniques cause most of the previous timing-based detection algorithms to fail. In this paper, we address these issues and devise a methodology to defeat these counter measures. Our algorithm uses modified association rule mining to detect stepping-stones. It is based on finding as many matched pairs of packets as possible within the fixed length intervals and then decide whether it is a stepping-stone connection by the matched rate. This algorithm allows checking multiple connections at once and therefore greatly increasing the efficiency compared to others. We examine the selected parameters and provide different trade-offs among false rates. Our experiments report a very good performance with very high detection rate and low false detection rate when using carefully selected parameter values.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
