使用递增性延迟建立攻击连接链的关联

使用递增性延迟建立攻击连接链的关联

李强, 刘琨, 林雁, 鞠九滨

（吉林大学计算机科学与技术学院, 长春 130012）

收稿日期:2005-03-03 修回日期:1900-01-01 出版日期:2006-03-26 发布日期:2006-03-26
通讯作者: 鞠九滨

Constructing Correlations in Attack Connection Chains via Increasing Delay

LI Qiang, LIU Kun, LIN Yan, JU Jiu-bin

(College of Computer Science and Technology, Jilin University, Changchun 130012, China)

Received:2005-03-03 Revised:1900-01-01 Online:2006-03-26 Published:2006-03-26
Contact: JU Jiu-bin

摘要/Abstract

摘要： 提出一个主动干扰跳板机连接中数据包间隔延迟的方法, 在攻击者所能干扰跳板机连接数据包延迟间隔允许范围之内, 使检测窗口内包间延迟的平均值循环递增. 通过分析两个连接链包间延迟平均值的递增性, 确定攻击连接链的关联. 这个方法可以有效地减少连接关联计算量, 提高跳板机检测的有效性.

关键词: 反向追踪, 连接链, 主动延迟

Abstract: A method is proposed for detecting stepping stones by actively perturbing inter-packet delay of connections, by which the average value of the packets in the detecting window is set to increase periodically within the attacker’s perturbation range. The correlations in attacking connection ch ains can be constructed by analyzing the increase of the average value of the inter-packet delay between the two connection chains. The complexity of correlatio n computations can be reduced and the efficiency of detecting stepping stones can be improved by means of the method.

Key words: traceback, connection chain, active delay

中图分类号:

TP393

李强, 刘琨, 林雁, 鞠九滨. 使用递增性延迟建立攻击连接链的关联[J]. J4, 2006, 44(02): 194-200.

LI Qiang, LIU Kun, LIN Yan, JU Jiu-bin. Constructing Correlations in Attack Connection Chains via Increasing Delay[J]. J4, 2006, 44(02): 194-200.