{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T07:12:33Z","timestamp":1743145953413,"version":"3.40.3"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030657444"},{"type":"electronic","value":"9783030657451"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-65745-1_26","type":"book-chapter","created":{"date-parts":[[2020,12,18]],"date-time":"2020-12-18T08:03:25Z","timestamp":1608278605000},"page":"431-446","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Evading Stepping-Stone Detection with Enough Chaff"],"prefix":"10.1007","author":[{"given":"Henry","family":"Clausen","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael S.","family":"Gibson","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David","family":"Aspinall","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,12,19]]},"reference":[{"key":"26_CR1","unstructured":"Mcafee technical report on night dragon operation. Technical report (2015)"},{"key":"26_CR2","unstructured":"The CAIDA UCSD Anonymized Internet Traces 2018 (2018). Accessed 10 Feb 2020"},{"key":"26_CR3","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/978-1-4842-2155-6_3","volume-title":"Cybersecurity for Hospitals and Healthcare Facilities","author":"L Ayala","year":"2016","unstructured":"Ayala, L.: Active medical device cyber-attacks. Cybersecurity for Hospitals and Healthcare Facilities, pp. 19\u201337. Apress, Berkeley, CA (2016). https:\/\/doi.org\/10.1007\/978-1-4842-2155-6_3"},{"key":"26_CR4","doi-asserted-by":"crossref","unstructured":"Clausen, H., Flood, R., Aspinall, D.: Traffic generation using containerization for machine learning. In: Proceedings of the Dynamic and Novel Advances in Machine Learning and Intelligent Cyber Security Workshop. ACM (2019)","DOI":"10.1145\/3464458.3464460"},{"issue":"1","key":"26_CR5","first-page":"103","volume":"2","author":"G Di Crescenzo","year":"2011","unstructured":"Di Crescenzo, G., Ghosh, A., Kampasi, A., Talpade, R., Zhang, Y.: Detecting anomalies in active insider stepping stone attacks. JoWUA 2(1), 103\u2013120 (2011)","journal-title":"JoWUA"},{"key":"26_CR6","unstructured":"Ding, W., Le, K., Huang, S.-H.S.: Detecting stepping-stones under the influence of packet jittering. In: 2013 9th International Conference on Information Assurance and Security (IAS), pp. 31\u201336. IEEE (2013)"},{"key":"26_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/3-540-36084-0_2","volume-title":"Recent Advances in Intrusion Detection","author":"DL Donoho","year":"2002","unstructured":"Donoho, D.L., Flesia, A.G., Shankar, U., Paxson, V., Coit, J., Staniford, S.: Multiscale stepping-stone detection: detecting pairs of jittered interactive streams by exploiting maximum tolerable delay. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, pp. 17\u201335. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-36084-0_2"},{"key":"26_CR8","unstructured":"EU ENISA. Baseline security recommendations for IoT in the context of critical information infrastructures (2017)"},{"key":"26_CR9","unstructured":"Fraser, G.: Tunneling, pivoting, and web application penetration testing. Technical report, SANS (2015)"},{"key":"26_CR10","unstructured":"Hemminger, S., et al.: Network emulation with netem. In: Linux Conference au, pp. 18\u201323 (2005)"},{"key":"26_CR11","doi-asserted-by":"crossref","unstructured":"Huang, S.-H.S., Kuo, Y.-W.: Detecting chaff perturbation on stepping-stone connection. In: 2011 IEEE 17th International Conference on Parallel and Distributed Systems, pp. 660\u2013667. IEEE (2011)","DOI":"10.1109\/ICPADS.2011.51"},{"key":"26_CR12","doi-asserted-by":"crossref","unstructured":"Huang, S.-H.S., Zhang, H., Phay, M.: Detecting stepping-stone intruders by identifying crossover packets in SSH connections. In: 2016 IEEE 30th International Conference on Advanced Information Networking and Applications (AINA), pp. 1043\u20131050. IEEE (2016)","DOI":"10.1109\/AINA.2016.132"},{"key":"26_CR13","unstructured":"Lee, R.M., Assante, M.J., Conway, T.: Analysis of the cyber attack onthe ukrainian power grid. Technical report, E-ISAC (2016)"},{"key":"26_CR14","doi-asserted-by":"crossref","unstructured":"Nasr, M., Bahramali, A., Houmansadr, A.: Deepcorr: strong flow correlation attacks on tor using deep learning. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1962\u20131976 (2018)","DOI":"10.1145\/3243734.3243824"},{"issue":"13","key":"26_CR15","doi-asserted-by":"publisher","first-page":"2310","DOI":"10.1016\/j.comnet.2010.03.011","volume":"54","author":"JD Padhye","year":"2010","unstructured":"Padhye, J.D., Kothari, K., Venkateshaiah, M., Wright, M.: Evading stepping-stone detection under the cloak of streaming media with sneak. Comput. Networks 54(13), 2310\u20132325 (2010)","journal-title":"Comput. Networks"},{"issue":"3","key":"26_CR16","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1109\/90.392383","volume":"3","author":"V Paxson","year":"1995","unstructured":"Paxson, V., Floyd, S.: Wide area traffic: the failure of Poisson modeling. IEEE\/ACM Trans. Networking 3(3), 226\u2013244 (1995)","journal-title":"IEEE\/ACM Trans. Networking"},{"issue":"2","key":"26_CR17","first-page":"103","volume":"2","author":"R Shullich","year":"2011","unstructured":"Shullich, R., Chu, J., Ji, P., Chen, W.: A survey of research in stepping-stone detection. Int. J. Electron. Commer. Stud. 2(2), 103\u2013126 (2011)","journal-title":"Int. J. Electron. Commer. Stud."},{"key":"26_CR18","unstructured":"Staniford-Chen, S., Heberlein, L.T.: Holding intruders accountable on the internet. In: Proceedings 1995 IEEE Symposium on Security and Privacy, pp. 39\u201349. IEEE (1995)"},{"issue":"8","key":"26_CR19","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1016\/S1353-4858(11)70086-1","volume":"2011","author":"C Tankard","year":"2011","unstructured":"Tankard, C.: Advanced persistent threats and how to monitor and deter them. Network Secur. 2011(8), 16\u201319 (2011)","journal-title":"Network Secur."},{"key":"26_CR20","doi-asserted-by":"crossref","unstructured":"Velan, P., Medkov\u00e1, J., Jirs\u00edk, T., \u010celeda, P.: Network traffic characterisation using flow-based statistics. In: NOMS 2016 2016 IEEE\/IFIP Network Operations and Management Symposium, pp. 907\u2013912. IEEE (2016)","DOI":"10.1109\/NOMS.2016.7502924"},{"issue":"1","key":"26_CR21","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s13638-018-1303-2","volume":"2018","author":"L Wang","year":"2018","unstructured":"Wang, L., Yang, J.: A research survey in stepping-stone intrusion detection. EURASIP J. Wirel. Commun. Networking 2018(1), 1\u201315 (2018). https:\/\/doi.org\/10.1186\/s13638-018-1303-2","journal-title":"EURASIP J. Wirel. Commun. Networking"},{"issue":"3","key":"26_CR22","doi-asserted-by":"publisher","first-page":"434","DOI":"10.1109\/TDSC.2010.35","volume":"8","author":"X Wang","year":"2010","unstructured":"Wang, X., Reeves, D.: Robust correlation of encrypted attack traffic through stepping stones by flow watermarking. IEEE Trans. Dependable Secure Comput. 8(3), 434\u2013449 (2010)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"issue":"2","key":"26_CR23","doi-asserted-by":"publisher","first-page":"1431","DOI":"10.1016\/j.eswa.2009.06.059","volume":"37","author":"H-C Wu","year":"2010","unstructured":"Wu, H.-C., Huang, S.-H.S.: Neural networks-based detection of stepping-stone intrusion. Expert Syst. Appl. 37(2), 1431\u20131437 (2010)","journal-title":"Expert Syst. Appl."},{"key":"26_CR24","doi-asserted-by":"crossref","unstructured":"Xin, J., Zhang, L., Aswegan, B., Dickerson, J., Daniels, T., Guan, Y.: A testbed for evaluation and analysis of stepping stone attack attribution techniques. In: 2nd International Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities. TRIDENTCOM 2006, p. 9. IEEE (2006)","DOI":"10.1109\/TRIDNT.2006.1649171"},{"issue":"7\u20138","key":"26_CR25","doi-asserted-by":"publisher","first-page":"479","DOI":"10.1016\/j.cose.2007.07.001","volume":"26","author":"J Yang","year":"2007","unstructured":"Yang, J., Huang, S.-H.S.: Mining TCP\/IP packets to detect stepping-stone intrusion. Comput. Secur. 26(7\u20138), 479\u2013484 (2007)","journal-title":"Comput. Secur."},{"issue":"6\u20137","key":"26_CR26","doi-asserted-by":"publisher","first-page":"538","DOI":"10.1016\/j.cose.2011.06.003","volume":"30","author":"J Yang","year":"2011","unstructured":"Yang, J., Woolbright, D.: Correlating TCP\/IP packet contexts to detect stepping-stone intrusion. Comput. Secur. 30(6\u20137), 538\u2013546 (2011)","journal-title":"Comput. Secur."},{"key":"26_CR27","doi-asserted-by":"crossref","unstructured":"Yang, J., Zhang, Y.: RTT-based random walk approach to detect stepping-stone intrusion. In: 2015 IEEE 29th International Conference on Advanced Information Networking and Applications, pp. 558\u2013563. IEEE (2015)","DOI":"10.1109\/AINA.2015.236"}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-65745-1_26","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,15]],"date-time":"2023-10-15T15:46:29Z","timestamp":1697384789000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-65745-1_26"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030657444","9783030657451"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-65745-1_26","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"19 December 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NSS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Network and System Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Melbourne, VIC","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Australia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 November 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 November 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nss2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/nss2020\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"60","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"17","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4,2","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2,75","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Due to the Corona pandemic the event was held virtually.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}