Computer Science Colloquium Series Thursday, March 25th, 2010 12:30-1:15 CCT 208 Refreshments will be served!!!

"Resist Intruders’ Manipulation via Context-based TCP/IP Packet Matching"

The lecture will be given by Dr. Jinhua Yang. Dr. Yang has joined our department as an associate professor of Computer Science in fall 2009. His research interests are computer, network and information security. His present research focuses on stepping-stone intrusion detection and connection traceback. He has authored one book and 30 papers in his areas of interest.

Stepping-stone is the most popular way used to attack other computers. The reason is that intruders can be protected through a long connection chain involving some compromised computers called stepping-stones. Some intruders even manipulate a stepping-stone to evade stepping-stone intrusion detection. Intruders’ evasion makes detecting stepping-stone intrusion more difficult. In this paper, we propose a new approach, context-based TCP/IP packet matching, to detect stepping-stone intrusion, as well as resisting intruders’ evasion. The analysis shows that this approach can resist intruders’ time-jittering evasion. The simulation results showed even an intruder could chaff a connection with chaff-rate as high as 100%, this approach can still match the two connections to detect the intrusion and to resist intruders’ chaff-perturbation evasion.