Show simple item record

dc.contributor.advisorHuang, Stephen
dc.creatorZhang, Hongyang 1988-
dc.date.accessioned2015-01-05T05:21:16Z
dc.date.available2015-01-05T05:21:16Z
dc.date.createdMay 2014
dc.date.issued2014-05
dc.identifier.urihttp://hdl.handle.net/10657/867
dc.description.abstractRouting packet traffic through a chain of hosts is a common technique for hackers to attack a victim machine without exposing themselves. Generally, a long connection chain formed is an indication of the presence of an intruder. Previous work has mostly focused on detecting stepping-stone hosts. Few researchers have addressed the issue of long connection chains (especially downstream detection). A challenging issue in this area is to detect users connecting to a server using a long connection chain with only the information at the end of the chain. This thesis presents a solution to the problem of detecting upstream long connection chains. We first observe that the longer a connection chain is, the more packet crossovers are generated. Thus we reduce the problem of detecting long chains to that of detecting unusually large number of packet crossovers along the chain between requests and responses at server side. However, the approach requires the packet information along the whole chain. Since we cannot directly measure the number of crossovers on intermediate nodes, we are forced to study the consequences of large number of crossovers. A detection algorithm has been designed based on the distribution of packet gaps. We validated our algorithm using test data generated on the Internet. The result shows a high detection rate of long connection chains from short ones without too many false positives.
dc.format.mimetypeapplication/pdf
dc.language.isoeng
dc.rightsThe author of this work is the copyright owner. UH Libraries and the Texas Digital Library have their permission to store and provide access to this work. Further transmission, reproduction, or presentation of this work is prohibited except with permission of the author(s).
dc.subjectIntrusion detection
dc.subjectStepping-stone
dc.subject.lcshComputer science
dc.titleDetecting Network Intruders by Examining Packet Crossovers in Connections
dc.date.updated2015-01-05T05:21:17Z
dc.type.genreThesis
thesis.degree.nameMaster of Science
thesis.degree.levelMasters
thesis.degree.disciplineComputer Science
thesis.degree.grantorUniversity of Houston
thesis.degree.departmentComputer Science, Department of
dc.contributor.committeeMemberShi, Weidong
dc.contributor.committeeMemberMerchant, Fatima Aziz
dc.type.dcmiText
dc.format.digitalOriginborn digital
dc.description.departmentComputer Science, Department of
thesis.degree.collegeCollege of Natural Sciences and Mathematics


Files in this item

Thumbnail
Thumbnail

This item appears in the following Collection(s)

Show simple item record