Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 30184
Intelligent Network-Based Stepping Stone Detection Approach

Authors: Mohd Nizam Omar, Rahmat Budiarto


This research intends to introduce a new usage of Artificial Intelligent (AI) approaches in Stepping Stone Detection (SSD) fields of research. By using Self-Organizing Map (SOM) approaches as the engine, through the experiment, it is shown that SOM has the capability to detect the number of connection chains that involved in a stepping stones. Realizing that by counting the number of connection chain is one of the important steps of stepping stone detection and it become the research focus currently, this research has chosen SOM as the AI techniques because of its capabilities. Through the experiment, it is shown that SOM can detect the number of involved connection chains in Network-based Stepping Stone Detection (NSSD).

Keywords: Artificial Intelligent, Self-Organizing Map (SOM), Stepping Stone Detection, Tracing Intruder.

Digital Object Identifier (DOI):

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1141


[1] CERT, (2007, February 8). (Online). Available:
[2] Y. Zhang, and V. Paxson, "Detecting stepping stones", in Proc. 9th USENIX Security Symposium, Denver, 2000, pp. 67 - 81.
[3] S. Staniford-Chen, and L. T. Herberlein, "Holding intruders accountable on the Internet", in Proc. 1995 IEEE Symposium on Security and Privacy, Oakland, 1995, pp. 39 - 49.
[4] X. Wang, S. Chen, and S. Jajodia, "Network flow watermarking attack on low-latency anonymous communication systems", in Proceeding of the 2007 IEEE Symposium on Security & Privacy (S & P 2007), USA, 2007, pp. 116 - 130.
[5] X. Wang, D. S. Reeves, and S. F. Wu, "Inter-packet delay based correlation for tracing encrypted connection through stepping stone", in Proc. 7th European Symposium on Research in Computer Security (ESORICS 2002), Zurich, 2002, pp. 224 - 263.
[6] X. Wang, D. Reeves, and S. F. Wu, "Tracing based active intrusion response", Journal of Information Warefare, vol. 1, Issue 1, pp. 50-61,2001.
[7] K. Yoda, and H. Etoh, "Finding connection chain for tracing intruders", in Proc. 6th European Symposium on Research in Computer Security (LNCS 1985), France, 2000, pp. 31 - 42.
[8] L. Zhang, A. G. Persaud, A. Johnson, and Y. Guan, "Detection of stepping stone attack under delay and chaff perturbations", in Proc. 25th IEEE International Performance Computing and Communications Conference (IPCCC 2006), USA, 2006, pp. 246 - 256.
[9] A. Blum, D. Song, and S. Benkataraman, "Detection of interactive stepping stone: algorithm and confidence bounds", Lecture Notes in Computer Science, Springer Berlin / Heidelberg, Volume 3224/2004, pg. 258-277, 2004.
[10] W. Han-Ching, and S. H. Shou-Hsuan, "Performance of neural networks in stepping-stone intrusion detection", in Proc. IEEE International Conference on Networking, Sensing and Control 2008 (ICNSC 2008), Sanya, 2008, pp. 608 - 613.
[11] Y. Jianhua, and S. H. Shou-Hsuan, "Mining TCP/IP packet to detect stepping-stone intrusion", Computer & Security, vol. 26(7-8), pp. 479- 484, 2007.
[12] T. Kohonen, "The self-organizing map", In Proceedings of the IEEE. USA, 1990, pp. 1464-1480.
[13] M. N. Omar, M. A. Maarof, and A. Zainal, "The Optimization of Stepping Stone Detection: Packet Capture Steps", Jurnal Teknologi, 44(D), pp. 1 - 14, 2006.
[14] M. N. Omar, M. A. Maarof, and A. Zainal, "Identification steps for the optimization of stepping stone detection", in Proc. ECTI Transaction on Electrical / Electronic and Communication (ECTI 2004), Thailand, 2004.
[15] M. N. Omar, M. A. Maarof, and A. Zainal, "Comparison Steps for The Optimization of Stepping Stone", in Proc. Telematics System, Services, and Application 2004 (TSSA 2004), Indonesia, 2004.
[16] S. R. Snapp, J. Brentano, G. V. Dias, T. L. Goan, T. Heberlein, C, Ho, K. N. Levitt, B. Mukherjee, S. E. Smaha, T. Grance, D. M. Teal, and D. Mansur, "DIDS (Distributed Intrusion Detection System) - motivation, architecture and early prototype", in Proceeding 14th National Computer Security Conference, USA, 1991, pp. 161 - 176.
[17] H. T. Jung, H. L. Kim, Y. M. Seo, G. Choe, S. L. Min, and C. S. Kim, "Caller identification system in the internet environment", in Proc. Proceedings of 4th USENIX Security Symposium, New Orleans, 1997, pp. 69 - 78.
[18] S. Wadell, 1991. Private Communication.
[19] D. Schnackenbert, Dynamic Cooperating Boundary Controllers.
[20] X. Wang, "Tracing Intruders behind Stepping Stones", Ph.D. dissertation, North Carolina State University, 2004.
[21] Telnet Environment Option (2009, February 8). (Online). Available:
[22] T. Ylonen, (2009, February 8). (Online). Available:
[23] M. N. Omar, L. Siregar, and R. Budiarto, "Dropped Packet Problems in Stepping Stone Detection Method", International Journal of Computer Science & Network Security (IJCSNS), vol. 8(1), pp. 109-115, 2008.
[24] X. Wang, and D. S. Reeves, "Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays", in Proc. 10th ACM Conference on Computer and Communication Security (CCS 2003), USA, 2003, pp. 20 - 29.
[25] M. Venkateshaiah, "Evading Existing Stepping Stone Detection Methods", Master Thesis, University of Texas at Arlington, 2006.
[26] M. N. Omar, L. Siregar, and R. Budiarto, "Hybrid stepping stone detection method", In Proc. The 1st International Conference on Distributed Frameworks and Application (DFmA 08), Malaysia, 2008, pp. 134 - 138.
[27] M. N. Omar, and R. Budiarto, "Intelligent host-based stepping stone detection approach", 2009 World Congress on Computer Science and Information Engineering (CSIE 2009), to be published.
[28] N. Michael, Artificial Intelligence A Guide to Intelligent Systems. Addison-Wesley. England, 2001.
[29] F. L. George, Artificial Intelligence Structures and Strategies for Complex Problem Solving, Addison-Wesley. England, 4th Edition, 2002.
[30] Wikipedia. (2009, February 8). Artificial Neural Network.
[Online]. Available:
[31] S. Jian-Hua, J. Hai, C. Hao, and H. Zong-Fen, "MA-IDS: A Distributed Intrusion Detection System Based on Data Mining", Wuhan University Journal of Natural Sciences (WUJNS), vol. 10(1), pp. 111-114, 2005.
[32] I. Yoo, and U. Ultes-Nitsche, "Intelligent firewall: packet-based recognition against internet-scale virus attacks", in Proc. of Conference on Communications and Computer Networks (CCN 2002), USA, 2002.
[33] P. Lichodzijewski, A. Z-H. Nur, and M. I. Heywood, "Host-based intrusion detection using self-organizing maps", in Proc. of the 2002 International Joint Conference on Neural Network (IJCNN 02), USA, 2002, pp. 1714 - 1719.
[34] J. H. Albert, and S. S. Antti, "A computer host-based user anomaly detection system using the self-organizing map", in Proc. of the IEEEINNS- ENNS International Joint Conference on Neural Networks (IJCNN-00), Italy, 2000, pp. 411 - 416.
[35] H. Y. Kwong, "Detecting Long Connection Chains of Interactive Terminal Session" in Proc. RAID 2002. Switzerland, 2002, pp. 1 - 6.
[36] Y. Jianhua, and S. H. Shou-Hsuan, "A real-time algorithm to detect long connection chains of interactive terminal session", in Proc. of the 3rd International Conference on Information Security, China, 2004, pp. 198 - 203.
[37] Y. Jianhua, and S. H. Shou-Hsuan, and D. W. Ming, "A Clustering- Partitioning Algorithm to Find TCP Packet Round-Trip Time for Intrusion Detection" in Proc. of the 20th International Conference on Advanced Information Networking and Applications (AINA-06), Austria, 2006, pp. 231 - 236.
[38] Wireshark (2009, February 8). (Online). Available:
[39] Wareseeker (2008, February 8). (Online). Available:
[40] H. Duane, and L. Bruce, Mastering MATLAB A Comprehensive Tutorial and Reference, Prentice-Hall. New Jersey, 1996.