{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,30]],"date-time":"2025-07-30T14:55:58Z","timestamp":1753887358600,"version":"3.41.2"},"reference-count":28,"publisher":"Wiley","issue":"1","license":[{"start":{"date-parts":[[2021,8,10]],"date-time":"2021-08-10T00:00:00Z","timestamp":1628553600000},"content-version":"vor","delay-in-days":221,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100009226","name":"National Security Agency","doi-asserted-by":"publisher","award":["H98230-20-1-0293"],"award-info":[{"award-number":["H98230-20-1-0293"]}],"id":[{"id":"10.13039\/100009226","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["Wireless Communications and Mobile Computing"],"published-print":{"date-parts":[[2021,1]]},"abstract":"<jats:p>Hackers on the Internet usually send attacking packets using compromised hosts, called stepping\u2010stones, in order to avoid being detected and caught. With stepping\u2010stone attacks, an intruder remotely logins these stepping\u2010stones using programs like SSH or telnet, uses a chain of Internet hosts as relay machines, and then sends the attacking packets. A great number of detection approaches have been developed for stepping\u2010stone intrusion (SSI) in the literature. Many of these existing detection methods worked effectively only when session manipulation by intruders is not present. When the session is manipulated by attackers, there are few known effective detection methods for SSI. It is important to know whether a detection algorithm for SSI is resistant on session manipulation by attackers. For session manipulation with chaff perturbation, software tools such as Scapy can be used to inject meaningless packets into a data stream. However, to the best of our knowledge, there are no existing effective tools or efficient algorithms to produce time\u2010jittered network traffic that can be used to test whether an SSI detection method is resistant on intruders\u2019 time\u2010jittering manipulation. In this paper, we propose a framework to test resistency of detection algorithms for SSI on time\u2010jittering manipulation. Our proposed framework can be used to test whether an existing or new SSI detection method is resistant on session manipulation by intruders with time\u2010jittering.<\/jats:p>","DOI":"10.1155\/2021\/1807509","type":"journal-article","created":{"date-parts":[[2021,8,11]],"date-time":"2021-08-11T03:46:37Z","timestamp":1628653597000},"update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["A Framework to Test Resistency of Detection Algorithms for Stepping\u2010Stone Intrusion on Time\u2010Jittering Manipulation"],"prefix":"10.1155","volume":"2021","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4965-5510","authenticated-orcid":false,"given":"Lixin","family":"Wang","sequence":"first","affiliation":[]},{"given":"Jianhua","family":"Yang","sequence":"additional","affiliation":[]},{"given":"Michael","family":"Workman","sequence":"additional","affiliation":[]},{"given":"Peng-Jun","family":"Wan","sequence":"additional","affiliation":[]}],"member":"311","published-online":{"date-parts":[[2021,8,10]]},"reference":[{"key":"e_1_2_8_1_2","doi-asserted-by":"crossref","unstructured":"YangJ. HuangS. H. S. andWanM. D. A clustering- partitioning algorithm to find TCP packet round-trip time for intrusion detection 1 20th International Conference on Advanced Information Networking and Applications-Volume 1 (AINA\u201906) 2006 Vienna Austria https:\/\/doi.org\/10.1109\/AINA.2006.13 2-s2.0-33751112790.","DOI":"10.1109\/AINA.2006.13"},{"key":"e_1_2_8_2_2","doi-asserted-by":"publisher","DOI":"10.1109\/90.392383"},{"key":"e_1_2_8_3_2","doi-asserted-by":"crossref","unstructured":"ClausenH. GibsonM. S. andAspinallD. Evading stepping-stone detection with enough chaff International Conference on Network and System Security 2020 Cham 431\u2013446.","DOI":"10.1007\/978-3-030-65745-1_26"},{"key":"e_1_2_8_4_2","doi-asserted-by":"crossref","unstructured":"DonohoD. FlesiaA. ShankarU. PaxsonV. CoitJ. andStanifordS. Multiscale stepping-stone detection: detecting pairs of jittered interactive streams by exploiting maximum tolerable delay the 5th International Symposium on Recent Advances in Intrusion Detection Lecture Notes in Computer Science 2002 Berlin Heidelberg.","DOI":"10.1007\/3-540-36084-0_2"},{"key":"e_1_2_8_5_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2007.07.001"},{"key":"e_1_2_8_6_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.iot.2018.08.011"},{"key":"e_1_2_8_7_2","doi-asserted-by":"crossref","unstructured":"Staniford-ChenS.andHeberleinL. T. Holding intruders accountable on the Internet Proceedings 1995 IEEE Symposium on Security and Privacy 1995 Oakland CA 39\u201349 https:\/\/doi.org\/10.1109\/SECPRI.1995.398921.","DOI":"10.1109\/SECPRI.1995.398921"},{"key":"e_1_2_8_8_2","unstructured":"HeT.andTongL. Detecting stepping-stone traffic in chaff: fundamental limits and robust algorithms 9th International Symposium on Recent Advances in Intrusion Detection (RAID 2006) April 2006 Hamburg Germany."},{"key":"e_1_2_8_9_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSP.2006.890881"},{"key":"e_1_2_8_10_2","unstructured":"BlumA. SongD. andVenkataramanS. Detection of interactive stepping-stones: algorithms and confidence bounds Proceedings of International Symposium on Recent Advance in Intrusion Detection (RAID) September 2004 Sophia Antipolis France 20\u201335."},{"key":"e_1_2_8_11_2","doi-asserted-by":"publisher","DOI":"10.1186\/s13638-018-1303-2"},{"key":"e_1_2_8_12_2","unstructured":"ZhangY.andPaxsonV. Detecting stepping-stones Proc. of the 9th USENIX Security Symposium August 2000 Denver CO 67\u201381."},{"key":"e_1_2_8_13_2","doi-asserted-by":"crossref","unstructured":"YodaK.andEtohH. Finding connection chain for tracing intruders Proc. 6th European Symposium on Research in Computer Security September 2000 Toulouse France 31\u201342.","DOI":"10.1007\/10722599_12"},{"key":"e_1_2_8_14_2","doi-asserted-by":"crossref","unstructured":"YangJ. LeeB. andHuangS. S.-H. Monitoring network traffic to detect stepping-stone intrusion Proceedings of 22nd IEEE International Conference on Advanced Information Networking and Applications (AINA 2008) March 2008 Okinawa Japan 56\u201361.","DOI":"10.1109\/WAINA.2008.30"},{"key":"e_1_2_8_15_2","doi-asserted-by":"crossref","unstructured":"YangJ.andZhangY. RTT-based random walk approach to detect stepping-stone intrusion IEEE 29th International Conference on Advanced Information Networking and Applications 2015 Gwangju Korea (South) 558\u2013563 https:\/\/doi.org\/10.1109\/AINA.2015.236 2-s2.0-84946205700.","DOI":"10.1109\/AINA.2015.236"},{"key":"e_1_2_8_16_2","doi-asserted-by":"crossref","unstructured":"DingW. HausknechtM. J. HuangS.-H. S. andRiggleZ. Detecting stepping-stone intruders with long connection chains 2009 Fifth International Conference on Information Assurance and Security August 2009 Xi\u2032an China https:\/\/doi.org\/10.1109\/IAS.2009.123 2-s2.0-74049111153.","DOI":"10.1109\/IAS.2009.123"},{"key":"e_1_2_8_17_2","doi-asserted-by":"crossref","unstructured":"HuangS. S. H. ZhangH. andPhayM. Detecting stepping-stone intruders by identifying crossover packets in SSH connections Proceedings of 30th IEEE International Conference on Advanced Information Networking and Applications March 2016 Crans-Montana Switzerland 1043\u20131050 https:\/\/doi.org\/10.1109\/AINA.2016.132 2-s2.0-84988933889.","DOI":"10.1109\/AINA.2016.132"},{"key":"e_1_2_8_18_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2010.35"},{"key":"e_1_2_8_19_2","doi-asserted-by":"crossref","unstructured":"YungK. H. Detecting long connecting chains of interactive terminal sessions Proc. of International Symposium on Recent Advance in Intrusion Detection (RAID) October 2002 Zurich Switzerland 1\u201316.","DOI":"10.1007\/3-540-36084-0_1"},{"key":"e_1_2_8_20_2","doi-asserted-by":"crossref","unstructured":"YangJ.andHuangS.-H. S. A real-time algorithm to detect long connection chains of interactive terminal sessions Proceedings of 3rd ACM International Conference on Information Security (Infosecu\u201904) November 2004 Shanghai China 198\u2013203.","DOI":"10.1145\/1046290.1046331"},{"key":"e_1_2_8_21_2","unstructured":"YangJ.andHuangS. H. S. Matching TCP packets and its application to the detection of long connection chains Proceedings of 19th IEEE International Conference on Advanced Information Networking and Applications (AINA 2005) March 2005 Taipei Taiwan China 1005\u20131010."},{"key":"e_1_2_8_22_2","doi-asserted-by":"publisher","DOI":"10.1155\/2021\/6632671"},{"key":"e_1_2_8_23_2","first-page":"577","article-title":"Collective data-sanitization for preventing sensitive information inference attacks in social networks","volume":"15","author":"Cai Z.","year":"2016","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_2_8_24_2","doi-asserted-by":"crossref","unstructured":"CaiZ.andHeZ. Trading private range counting over big IoT data 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS) 2019 Dallas TX USA 144\u2013153 https:\/\/doi.org\/10.1109\/ICDCS.2019.00023.","DOI":"10.1109\/ICDCS.2019.00023"},{"key":"e_1_2_8_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNSE.2018.2830307"},{"key":"e_1_2_8_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2020.2980802"},{"key":"e_1_2_8_27_2","doi-asserted-by":"publisher","DOI":"10.1002\/9781119593386.ch12"},{"key":"e_1_2_8_28_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2019.112845"}],"container-title":["Wireless Communications and Mobile Computing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/wcmc\/2021\/1807509.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/wcmc\/2021\/1807509.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1155\/2021\/1807509","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,7]],"date-time":"2024-08-07T11:31:42Z","timestamp":1723030302000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1155\/2021\/1807509"}},"subtitle":[],"editor":[{"given":"Zhuojun","family":"Duan","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2021,1]]},"references-count":28,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021,1]]}},"alternative-id":["10.1155\/2021\/1807509"],"URL":"https:\/\/doi.org\/10.1155\/2021\/1807509","archive":["Portico"],"relation":{},"ISSN":["1530-8669","1530-8677"],"issn-type":[{"type":"print","value":"1530-8669"},{"type":"electronic","value":"1530-8677"}],"subject":[],"published":{"date-parts":[[2021,1]]},"assertion":[{"value":"2021-06-25","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-07-27","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-08-10","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"1807509"}}