Analysis of Stepping‐Stone Attacks in Internet of Things Using Dynamic Vulnerability Graphs

Gamarra, Marco; Shetty, Sachin; González, O.R.; Nicol, David M.; Kamhoua, Charles A.; Njilla, Laurent

doi:10.1002/9781119593386.ch12

Cited by 3 publications

(2 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…With industrial Internet of Things, a privacy-preserved data sharing scheme was proposed in [26] where competing customers can coexist in different stages of the IoT system. Gamarra et al [27] developed a model that describes the propagation of SSI attacks in the IoT systems using a vulnerability graph whose topology is fixed as well as switching. The model can be expanded to a more realistic scenario when the vulnerability graph changes because the attack is discovered or the intrusion detection system of the IoT is trigged.…”

Section: Literature Review On Ssidmentioning

confidence: 99%

A Framework to Test Resistency of Detection Algorithms for Stepping‐Stone Intrusion on Time‐Jittering Manipulation

Wang

Yang

Workman

et al. 2021

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

Hackers on the Internet usually send attacking packets using compromised hosts, called stepping-stones, in order to avoid being detected and caught. With stepping-stone attacks, an intruder remotely logins these stepping-stones using programs like SSH or telnet, uses a chain of Internet hosts as relay machines, and then sends the attacking packets. A great number of detection approaches have been developed for stepping-stone intrusion (SSI) in the literature. Many of these existing detection methods worked effectively only when session manipulation by intruders is not present. When the session is manipulated by attackers, there are few known effective detection methods for SSI. It is important to know whether a detection algorithm for SSI is resistant on session manipulation by attackers. For session manipulation with chaff perturbation, software tools such as Scapy can be used to inject meaningless packets into a data stream. However, to the best of our knowledge, there are no existing effective tools or efficient algorithms to produce time-jittered network traffic that can be used to test whether an SSI detection method is resistant on intruders’ time-jittering manipulation. In this paper, we propose a framework to test resistency of detection algorithms for SSI on time-jittering manipulation. Our proposed framework can be used to test whether an existing or new SSI detection method is resistant on session manipulation by intruders with time-jittering.

show abstract

Section: Literature Review On Ssidmentioning

confidence: 99%

A Framework to Test Resistency of Detection Algorithms for Stepping‐Stone Intrusion on Time‐Jittering Manipulation

Wang

Yang

Workman

et al. 2021

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

show abstract

“…Gamarra et al [22] proposed a model that describe the characters of stepping-stone attacks in the Internet of Things (IoT) by constructing a graph based on vulnerabilities. In this paper, the stepping-stone dynamic is formulated as a linear system.…”

Section: Literature Reviewmentioning

confidence: 99%

Applying MMD Data Mining to Match Network Traffic for Stepping-Stone Intrusion Detection

Yang

Wang

2021

Sensors

View full text Add to dashboard Cite

A long interactive TCP connection chain has been widely used by attackers to launch their attacks and thus avoid detection. The longer a connection chain, the higher the probability the chain is exploited by attackers. Round-trip Time (RTT) can represent the length of a connection chain. In order to obtain the RTTs from the sniffed Send and Echo packets in a connection chain, matching the Sends and Echoes is required. In this paper, we first model a network traffic as the collection of RTTs and present the rationale of using the RTTs of a connection chain to represent the length of the chain. Second, we propose applying MMD data mining algorithm to match TCP Send and Echo packets collected from a connection. We found that the MMD data mining packet-matching algorithm outperforms all the existing packet-matching algorithms in terms of packet-matching rate including sequence number-based algorithm, Yang’s approach, Step-function, Packet-matching conservative algorithm and packet-matching greedy algorithm. The experimental results from our local area networks showed that the packet-matching accuracy of the MMD algorithm is 100%. The average packet-matching rate of the MMD algorithm obtained from the experiments conducted under the Internet context can reach around 94%. The MMD data mining packet-matching algorithm can fix the issue of low packet-matching rate faced by all the existing packet-matching algorithms including the state-of-the-art algorithm. It is applicable to network-based stepping-stone intrusion detection.

show abstract

An approach for assessing the functional vulnerabilities criticality of CPS components

Alguliyev,

Aliguliyev,

Sukhostat

2025

Cyber Security and Applications

View full text Add to dashboard Cite

Analysis of Stepping‐Stone Attacks in Internet of Things Using Dynamic Vulnerability Graphs

Cited by 3 publications

References 8 publications

A Framework to Test Resistency of Detection Algorithms for Stepping‐Stone Intrusion on Time‐Jittering Manipulation

A Framework to Test Resistency of Detection Algorithms for Stepping‐Stone Intrusion on Time‐Jittering Manipulation

Applying MMD Data Mining to Match Network Traffic for Stepping-Stone Intrusion Detection

An approach for assessing the functional vulnerabilities criticality of CPS components

Contact Info

Product

Resources

About