Applied Computer Security Associates (ACSA)

Latest Content From Applied Computer Security Associates (ACSA)

Whitepaper: The Way by Estimating the Variation of TCP Packet Round Trip Time to Detect Stepping-Stone Intrusion

by Applied Computer Security Associates (ACSA)Jan 01, 2008

A common way to detect stepping-stone intrusion is to estimate the number of hosts compromised by computing the length of a connection chain. This paper proposes Std-ratio approach to detect stepping-stone intrusion, as well as Std-clustering method to find TCP packet round trip time of a connection chain. Std-ratio is method to use ratio between standard deviation of round trip time gaps to downstream neighbor host and to end side of connection chain. Std-clustering is a method to determine the round trip time cluster by comparing standard deviation of each candidate cluster.