| Article ID | Journal | Published Year | Pages | File Type |
|---|---|---|---|---|
| 387127 | Expert Systems with Applications | 2010 | 7 Pages |
When network intruders launch attacks to a victim host, they try to avoid revealing their identities by indirectly connecting to the victim through a sequence of intermediary hosts, called stepping-stones. One effective stepping-stone detection mechanism is to detect such a long connection chain by estimating the number of stepping-stones. Artificial neural networks provide the potential to identify and classify network activities. In this paper, we propose an approach that utilizes the analytical strengths of neural networks to detect stepping-stone intrusion. Two schemes are developed for neural network investigation. One uses eight packet variables and the other clusters a sequence of consecutive packet round-trip times. The experimental results show that using neural networks as the detection tool works well to predict the number of stepping-stones for incoming packets by both proposed schemes through monitoring a connection chain with a few packets. In addition, various transfer functions and learning rules are studied and it is observed that using Sigmoid transfer function and Delta learning rule generally provides better prediction.
