An Effective Approach for Stepping-Stone Intrusion Detection Resistant to Intruders’ Chaff-Perturbation via Packet Crossover

preprint OA: closed CC-BY-4.0
🔓 Open OA copy View at publisher

Abstract

Today’s intruders usually send attacking commands to a target system through several stepping-stone hosts, in order to reduce the chance of being detected. With stepping-stone intrusion (SSI), the intruder’s identity is hidden behind a long interactive chain of hosts and very hard to detect. An effective approach for SSI detection (SSID) is to estimate the length of the chain. This type of method is called network-based SSID. Most existing network-based SSID worked effectively only when intruders’ session manipulation was not present. These known SSID algorithms are either weak to resist intruders’ chaff-perturbation manipulation or having very limited capability in resisting attacker’s session manipulation. This paper develops a novel network-based SSID algorithm resistant to intruders’ chaff-perturbation by using packet crossover. Our proposed SSID algorithm is simple and easy to implement as the number of packet crossovers can be easily computed. We conduct rigorous technical proofs to verify the correctness of our proposed algorithm. The experimental results show that our proposed SSID algorithm works effectively and perfectly in resisting intruders’ chaff-perturbation up to 50% chaff rate.

My notes (saved in your browser only)

Citation neighborhood (no data yet)

We don't have any in-corpus citations linked to this paper yet. The paper's references may be in our DB but unresolved to ``paper_id`` (resolution happens at ingest when the cited DOI matches a row we already have). Run the cross-source citation reconcile pass to retry.

Source provenance

europepmc
last seen: 2026-05-19T01:45:01.086888+00:00
unpaywall
last seen: 2026-06-06T02:00:05.402940+00:00
License: CC-BY-4.0