Getting the Real-Time Precise Round-Trip Time for Stepping Stone Detection

Li, Ping; Zhou, Wanlei; Wang, Yini

doi:10.1109/nss.2010.36

Cited by 8 publications

(8 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Las herramientas para la captura de datos y análisis de la información comprenden modelos matemáticos y pruebas de datos reales que se relacionen con estos modelos, los cuales pueden ser ejecutados en modo simulado, de forma que los resultados deben evidenciar la presencia de errores que permitan diferenciarlos de los datos reales [28]. Otro parámetro utilizado para caracterizar un canal de comunicaciones es la tasa de transmisión [29], donde la medida del flujo de datos por el canal es obtenida con la herramienta ping, la cual determina el retardo de transmisión de los paquetes [30]. De la misma manera, se obtiene el RTT (Round Trip Time), el cual detalla el tiempo requerido por los paquetes para ir a su destino y retornar a su origen [31].…”

Section: Características Relevantes De Un Canal De Comunicacionesunclassified

Caracterización de canales de comunicación por tráfico y arquitectura de la red: una revisión<br />Characterization of communication channels in terms of traffic and network architecture: a review

Serna-Guarín¹,

Delgado-Trejos²

2014

Iteckne

View full text Add to dashboard Cite

Section: Características Relevantes De Un Canal De Comunicacionesunclassified

Caracterización de canales de comunicación por tráfico y arquitectura de la red: una revisión<br />Characterization of communication channels in terms of traffic and network architecture: a review

Serna-Guarín¹,

Delgado-Trejos²

2014

Iteckne

View full text Add to dashboard Cite

“…In this paper, we define the time delay between the ‘send packet’ and the corresponding ‘echo packet’ as the RTT for stepping stones. To retrieve the value of RTT, we adopt the Estimation‐Based Algorithm (EBA) algorithm . This algorithm estimates the value of RTT according to previous RTTs and then finds the ‘send packet’ and the corresponding ‘echo packet’ pair whose time delay is the closest to the estimating value.…”

Section: Abnormal Causality Probability Analysismentioning

confidence: 99%

“…When packets come in on a connection, APD will first calculate the RTT in real‐time by the estimation‐based RTT getting algorithm . Once a new RTT sequence

Rt t_{a}^{i}

is obtained, the APD algorithm will do a comparison with each connection that needs to be compared.…”

Section: Algorithm and Analysismentioning

confidence: 99%

“…This is because, on the one hand, any timing delay will not affect the packet arrival order on the connection chain, that is, causality. On the other hand, APD and SAPD algorithms are dependent on the RTTs obtained by the estimation‐based RTT getting algorithm that can filter imperfect internet transmission and unsymmetrical chaff packets by ignoring the packets, which do not have a corresponding echo or send packets.…”

Section: Algorithm and Analysismentioning

confidence: 99%

See 1 more Smart Citation

Detecting stepping stones by abnormal causality probability

Wen

et al. 2014

Security Comm Networks

Self Cite

View full text Add to dashboard Cite

Locating the real source of the Internet attacks has long been an important but difficult problem to be addressed. In the real world, attackers can easily hide their identities and evade punishment by relaying their attacks through a series of compromised systems or devices called stepping stones. Currently, researchers mainly use similar features from the network traffic, such as packet timestamps and frequencies, to detect stepping stones. However, these features can be easily destroyed by attackers using evasive techniques. In addition, it is also difficult to implement an appropriate threshold of similarity that can help justify the stepping stones. In order to counter these problems, in this paper, we introduce the consistent causality probability to detect the stepping stones. We formulate the ranges of abnormal causality probabilities according to the different network conditions, and on the basis of it, we further implement to self‐adaptive methods to capture stepping stones. To evaluate our proposed detection methods, we adopt theoretic analysis and empirical studies, which demonstrate accuracy of the abnormal causality probability. Moreover, we compare our proposed methods with previous works. The result shows that our methods in this paper significantly outperform previous works in the accuracy of detection malicious stepping stones, even when evasive techniques are adopted by attackers. Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

“…If the roundtrip time between the scanner and server is in the order of tens of milliseconds [17] and a window of ten packets is used, then, on the average, it takes 1 ms to check for each username; so we assume that 1,000 usernames can be checked per second. If the roundtrip time is larger, an appropriate window can be chosen to achieve this rate.…”

Section: Vpn Security Modelmentioning

confidence: 99%

Security Analysis of VPN Configurations in Industrial Control Environments

Rahimi

Zargham

2011

Critical Infrastructure Protection V

View full text Add to dashboard Cite

Virtual private networks (VPNs) are widely recommended to protect otherwise insecure industrial control protocols. VPNs provide confidentiality, integrity and availability, and are often considered to be secure. However, implementation vulnerabilities and protocol flaws expose VPN weaknesses in many deployments. This paper uses a probabilistic model to evaluate and quantify the security of VPN configurations. Simulations of the VPN model are conducted to investigate the trade-offs and parameter dependence in various VPN configurations. The experimental results provide recommendations for securing VPN deployments in industrial control environments.Keywords: Control systems, virtual private networks, security analysis IntroductionVirtual private networks (VPNs) are widely used to provide secure communications over insecure public networks. VPNs provide security services such as confidentiality, integrity and availability by creating encrypted tunnels between the communicating parties.VPNs are recommended in the literature and by many critical infrastructure protection standards to secure process control, SCADA and automation protocol communications [14-16, 21, 22]. Although these protocols are generally very reliable, they were not designed to resist malicious attacks. As a result, it is recommended to wrap industrial protocols such as DNP3 [18], 61850 [13] and Modbus [19] within VPN tunnels to protect them from unauthorized access. These configurations supposedly offer confidentiality, integrity and availability [22], but little work has focused on the secure configuration of VPN tunnels and the maintenance required for their secure operation [22].

show abstract

Getting the Real-Time Precise Round-Trip Time for Stepping Stone Detection

Cited by 8 publications

References 6 publications

Caracterización de canales de comunicación por tráfico y arquitectura de la red: una revisión<br />Characterization of communication channels in terms of traffic and network architecture: a review

Caracterización de canales de comunicación por tráfico y arquitectura de la red: una revisión<br />Characterization of communication channels in terms of traffic and network architecture: a review

Detecting stepping stones by abnormal causality probability

Security Analysis of VPN Configurations in Industrial Control Environments

Contact Info

Product

Resources

About