踏脚石入侵检测中的嗅探和欺骗网络流量

2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA) Pub Date : 2018-05-16 DOI:10.1109/WAINA.2018.00137

Jianhua Yang, Yongzhong Zhang, R. King, T. Tolbert

{"title":"踏脚石入侵检测中的嗅探和欺骗网络流量","authors":"Jianhua Yang, Yongzhong Zhang, R. King, T. Tolbert","doi":"10.1109/WAINA.2018.00137","DOIUrl":null,"url":null,"abstract":"Since stepping-stones were widely used to launch attacks over the targets in the Internet, many approaches have been developed to detect stepping-stone intrusion. We found that most of the approaches need to sniff and analyze computer network traffic to detect stepping-stone intrusion. In this paper, we introduce how to make a code to sniff TCP/IP packet. But some intruders can evade detection using TCP/IP session manipulation, such as chaff-perturbation. In order to help researchers understand how a session is manipulated and develop more advanced approaches not only detecting stepping-stone intrusion, but also resisting intruders' manipulation, we present a tool Fragroute which can be used to inject meaningless packets into a TCP/IP session across the Internet.","PeriodicalId":296466,"journal":{"name":"2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Sniffing and Chaffing Network Traffic in Stepping-Stone Intrusion Detection\",\"authors\":\"Jianhua Yang, Yongzhong Zhang, R. King, T. Tolbert\",\"doi\":\"10.1109/WAINA.2018.00137\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Since stepping-stones were widely used to launch attacks over the targets in the Internet, many approaches have been developed to detect stepping-stone intrusion. We found that most of the approaches need to sniff and analyze computer network traffic to detect stepping-stone intrusion. In this paper, we introduce how to make a code to sniff TCP/IP packet. But some intruders can evade detection using TCP/IP session manipulation, such as chaff-perturbation. In order to help researchers understand how a session is manipulated and develop more advanced approaches not only detecting stepping-stone intrusion, but also resisting intruders' manipulation, we present a tool Fragroute which can be used to inject meaningless packets into a TCP/IP session across the Internet.\",\"PeriodicalId\":296466,\"journal\":{\"name\":\"2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA)\",\"volume\":\"4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-05-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WAINA.2018.00137\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WAINA.2018.00137","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

摘要

自从踏脚石入侵被广泛用于对网络目标发起攻击以来，人们开发了许多检测踏脚石入侵的方法。我们发现大多数方法都需要嗅探和分析计算机网络流量来检测入侵。本文介绍了如何编写一个嗅探TCP/IP数据包的代码。但是一些入侵者可以使用TCP/IP会话操作来逃避检测，例如箔条扰动。为了帮助研究人员了解会话是如何被操纵的，并开发更先进的方法，不仅可以检测入侵的跳板，而且可以抵抗入侵者的操纵，我们提出了一个工具Fragroute，它可以用来在互联网上向TCP/IP会话注入无意义的数据包。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Sniffing and Chaffing Network Traffic in Stepping-Stone Intrusion Detection

Since stepping-stones were widely used to launch attacks over the targets in the Internet, many approaches have been developed to detect stepping-stone intrusion. We found that most of the approaches need to sniff and analyze computer network traffic to detect stepping-stone intrusion. In this paper, we introduce how to make a code to sniff TCP/IP packet. But some intruders can evade detection using TCP/IP session manipulation, such as chaff-perturbation. In order to help researchers understand how a session is manipulated and develop more advanced approaches not only detecting stepping-stone intrusion, but also resisting intruders' manipulation, we present a tool Fragroute which can be used to inject meaningless packets into a TCP/IP session across the Internet.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA)

自引率

0.00%

发文量