Stepping Stone Detection for Tracing Attack Sources in Software-Defined Networks

 |  Login

Show simple item record

dc.contributor Aalto-yliopisto fi
dc.contributor Aalto University en
dc.contributor.advisor Gurtov, Andrei
dc.contributor.author Bhattacherjee, Debopam
dc.date.accessioned 2016-08-26T09:02:39Z
dc.date.available 2016-08-26T09:02:39Z
dc.date.issued 2016-07-29
dc.identifier.uri https://aaltodoc.aalto.fi/handle/123456789/21582
dc.description.abstract Stepping stones are compromised hosts in a network which can be used by hackers and other malicious attackers to hide the origin of connections. Attackers hop from one compromised host to another to form a chain of stepping stones before launching attack on the actual victim host. Various timing and content based detection techniques have been proposed in the literature to trace back through a chain of stepping stones in order to identify the attacker. This has naturally led to evasive strategies such as shaping the traffic differently at each hop. The evasive techniques can also be detected. Our study aims to adapt some of the existing stepping stone detection and anti-evasion techniques to software-defined networks which use network function virtualization. We have implemented the stepping-stone detection techniques in a simulated environment and uses Flow for the traffic monitoring at the switches. We evaluate the detection algorithms on different network topologies and analyze the results to gain insight on the effectiveness of the detection mechanisms. The selected detection techniques work well on relatively high packet sampling rates. However, new solutions will be needed for large SDN networks where the packet sampling rate needs to be lower. en
dc.format.extent 68 + 0
dc.format.mimetype application/pdf en
dc.language.iso en en
dc.title Stepping Stone Detection for Tracing Attack Sources in Software-Defined Networks en
dc.type G2 Pro gradu, diplomityö fi
dc.contributor.school Perustieteiden korkeakoulu fi
dc.subject.keyword stepping stone attack en
dc.subject.keyword network function virtualization en
dc.subject.keyword network monitoring en
dc.identifier.urn URN:NBN:fi:aalto-201608263038
dc.programme.major Mobile Computing, Service and Security fi
dc.programme.mcode SCI3071 fi
dc.type.ontasot Master's thesis en
dc.type.ontasot Diplomityö fi
dc.contributor.supervisor Aura, Tuomas
dc.programme Master's Degree Programme in Security and Mobile Computing (NordSecMob) fi


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search archive


Advanced Search

article-iconSubmit a publication

Browse

My Account