Department of Computer Science at UH

University of Houston

Department of Computer Science

In Partial Fulfillment of the Requirements for the Degree of
Master of Science

Wei Ding

Will defend his thesis

Detecting Stepping-Stone Intruders With Long Connection Chains

Abstract

A common technique hackers use is to route their traffic through a chain of stepping-stone hosts. It is generally agreed that there is no valid reason to use a long connection chain for remote login such as SSH connection. Most of the stepping-stone detection algorithms installed on a stepping-stone host were designed to protect the victim of a third party downstream from where the algorithm is running. It is much more important for a host to protect it from being a victim. This project uses an approximated round-trip time to distinguish a long connection chain from short ones. An estimated round trip time was defined to measure the chain length. Several measures were studied to distinguish long chains from short ones. Results show that the proposed algorithm is able to distinguish long connection chains from short ones with relatively low false rate.

Date: Thursday, April 29th, 2010
Time: 2:30 PM
Place: 550-PGH
Faculty, students, and the general public are invited.
Advisor: Dr. Stephen Huang