Detection of intermediatry hosts trough TCP latency propagation
No Thumbnail Available
Journal Title
Journal ISSN
Volume Title
Helsinki University of Technology |
Diplomityö
Checking the digitized thesis and permission for publishing
Instructions for the author
Instructions for the author
Author
Date
2009
Department
Major/Subject
Tietokoneverkot
Mcode
T-110
Degree programme
Language
en
Pages
(9+) 101
Series
Abstract
The popularity and potential of internet attracts users with illegal intentions as well. The attackers generally establish a connection by logging in to a number of intermediary hosts before launching an attack at the victim host. These intermediary hosts are called as stepping-stones. On the victim side, it becomes hard to detect that. the peer communicating with the victim is whether a real originator of the connection or it is merely acting as an intermediary host in the connection chain, This master dissertation proposed an approach based on Interarrival packet time to distinguish an incoming connection from a connection coming via some intermediary hosts. The proposed approach uses information available at the receiving end and applicable to encrypted traffic too. The approach was successfully tested for SSH, Telnet, FTP, HTTP and SMTP protocols and implemented in to an intrusion detection system for corresponding protocols. The main applications for the proposed approach are Manual intrusion detection, Tor usage detection and Spam messages detection. The approach is also applicable for the digital forensics investigations.Description
Supervisor
Mjølsnes, Stig F.|Tarkoma, SasuThesis advisor
Willassen, Svein Y.Keywords
network security, stepping-stone detection, manual intrusion detection, tor usage detection, spam detection and digital forensics investigation