{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,26]],"date-time":"2025-11-26T16:29:41Z","timestamp":1764174581021,"version":"3.37.3"},"reference-count":30,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2018,12,1]],"date-time":"2018-12-01T00:00:00Z","timestamp":1543622400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/100009226","name":"National Security Agency","doi-asserted-by":"publisher","award":["H98230-17-1-0396","H98230-17-1-0396"],"award-info":[{"award-number":["H98230-17-1-0396","H98230-17-1-0396"]}],"id":[{"id":"10.13039\/100009226","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Wireless Com Network"],"published-print":{"date-parts":[[2018,12]]},"DOI":"10.1186\/s13638-018-1303-2","type":"journal-article","created":{"date-parts":[[2018,12,4]],"date-time":"2018-12-04T09:08:23Z","timestamp":1543914503000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["A research survey in stepping-stone intrusion detection"],"prefix":"10.1186","volume":"2018","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4965-5510","authenticated-orcid":false,"given":"Lixin","family":"Wang","sequence":"first","affiliation":[]},{"given":"Jianhua","family":"Yang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,12,4]]},"reference":[{"key":"1303_CR1","series-title":"Proc. IEEE Symposium on Security and Privacy, Oakland, CA","first-page":"39","volume-title":"Holding Intruders Accountable on the Internet","author":"S Staniford-Chen","year":"1995","unstructured":"S. Staniford-Chen, L.T. Heberlein, Holding Intruders Accountable on the Internet, Proc. IEEE Symposium on Security and Privacy, Oakland, CA (1995), pp. 39\u201349"},{"key":"1303_CR2","series-title":"Proceedings of the 16th International Information Security Conference (IFIP\/Sec\u201901)","first-page":"369","volume-title":"Sleepy Watermark Tracing: An Active Network-Based Intrusion Response Framework","author":"X Wang","year":"2001","unstructured":"X. Wang, D. Reeves, S. Wu, J. Yuill, Sleepy Watermark Tracing: An Active Network-Based Intrusion Response Framework, Proceedings of the 16th International Information Security Conference (IFIP\/Sec\u201901) (2001), pp. 369\u2013384"},{"key":"1303_CR3","series-title":"Proc. of the 9th USENIX Security Symposium, Denver, CO","first-page":"67","volume-title":"Detecting Stepping-Stones","author":"Y Zhang","year":"2000","unstructured":"Y. Zhang, V. Paxson, Detecting Stepping-Stones, Proc. of the 9th USENIX Security Symposium, Denver, CO (2000), pp. 67\u201381"},{"issue":"5","key":"1303_CR4","doi-asserted-by":"publisher","first-page":"1612","DOI":"10.1109\/TSP.2006.890881","volume":"55","author":"T He","year":"2007","unstructured":"T. He, L. Tong, Detecting encrypted stepping-stone connections. Proceedings of IEEE Transaction on signal processing 55(5), 1612\u20131623 (2007)","journal-title":"Proceedings of IEEE Transaction on signal processing"},{"key":"1303_CR5","volume-title":"The 5th International Symposium on Recent Advances in Intrusion Detection, Lecture Notes in Computer Science","author":"D Donoho","year":"2002","unstructured":"D. Donoho, A. Flesia, U. Shankar, V. Paxson, J. Coit, S. Staniford, in The 5th International Symposium on Recent Advances in Intrusion Detection, Lecture Notes in Computer Science. Multiscale stepping-stone detection: detecting pairs of jittered interactive streams by exploiting maximum tolerable delay (2002)"},{"issue":"6","key":"1303_CR6","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1016\/0020-0190(90)90035-V","volume":"35","author":"S Wu","year":"1990","unstructured":"S. Wu, U. Manber, G. Myers, W. Miller, An O(NP) sequence comparison algorithm. Inf. Process. Lett. 35(6), 317\u2013323 (1990)","journal-title":"Inf. Process. Lett."},{"key":"1303_CR7","series-title":"Proc. 6th European Symposium on Research in Computer Security, Toulouse, France","first-page":"31","volume-title":"Finding Connection Chain for Tracing Intruders","author":"K Yoda","year":"2000","unstructured":"K. Yoda, H. Etoh, Finding Connection Chain for Tracing Intruders, Proc. 6th European Symposium on Research in Computer Security, Toulouse, France (2000), pp. 31\u201342"},{"key":"1303_CR8","doi-asserted-by":"publisher","first-page":"479","DOI":"10.1016\/j.cose.2007.07.001","volume":"26","author":"J Yang","year":"2007","unstructured":"J. Yang, S.S.-H. Huang, Mining TCP\/IP packets to detect stepping-stone intrusion. Journal of Computers and Security 26, 479\u2013484 (2007) Elsevier Ltd.","journal-title":"Journal of Computers and Security"},{"key":"1303_CR9","series-title":"Proc. of International Symposium on Recent Advance in Intrusion Detection (RAID), Zurich, Switzerland","first-page":"1","volume-title":"Detecting Long Connecting Chains of Interactive Terminal Sessions","author":"KH Yung","year":"2002","unstructured":"K.H. Yung, Detecting Long Connecting Chains of Interactive Terminal Sessions, Proc. of International Symposium on Recent Advance in Intrusion Detection (RAID), Zurich, Switzerland (2002), pp. 1\u201316"},{"key":"1303_CR10","series-title":"Proceedings of International Symposium on Recent Advance in Intrusion Detection (RAID), Sophia Antipolis, France","first-page":"20","volume-title":"Detection of Interactive Stepping-Stones: Algorithms and Confidence Bounds","author":"A Blum","year":"2004","unstructured":"A. Blum, D. Song, And S. Venkataraman, Detection of Interactive Stepping-Stones: Algorithms and Confidence Bounds, Proceedings of International Symposium on Recent Advance in Intrusion Detection (RAID), Sophia Antipolis, France, 20\u201335, 2004"},{"key":"1303_CR11","series-title":"the Proceedings of 22nd IEEE International Conference on Advanced Information Networking and Applications (AINA 2008), Okinawa, Japan","first-page":"56","volume-title":"Monitoring Network Traffic to Detect Stepping-Stone Intrusion","author":"J Yang","year":"2008","unstructured":"J. Yang, B. Lee, S.S.\u2013.H. Huang, Monitoring Network Traffic to Detect Stepping-Stone Intrusion, the Proceedings of 22nd IEEE International Conference on Advanced Information Networking and Applications (AINA 2008), Okinawa, Japan (2008), pp. 56\u201361"},{"key":"1303_CR12","series-title":"IEEE 29th International Conference on Advanced Information Networking and Applications","first-page":"558","volume-title":"RTT-Based Random Walk Approach to Detect Stepping-Stone Intrusion","author":"J Yang","year":"2015","unstructured":"J. Yang, Y. Zhang, RTT-Based Random Walk Approach to Detect Stepping-Stone Intrusion, IEEE 29th International Conference on Advanced Information Networking and Applications (2015), pp. 558\u2013563"},{"key":"1303_CR13","volume-title":"Stochastic Process Tutorial","author":"K Teknomo","year":"2017","unstructured":"Teknomo, Kardi. (2017) Stochastic Process Tutorial. \n                    http:\/\/people.revoledu.com\/kardi\/tutorial\/StochasticProcess\/RandomWalk\/RandomWalk.html"},{"key":"1303_CR14","series-title":"To Be Published in Lecture Notes in Computer Science (LNCS) by Spring-Verlag, 4th IEEE International Conference on Automatic and Trusted Computing, Hong Kong, China","first-page":"276","volume-title":"Stepping-Stone Detection via Request-Response Traffic Analysis","author":"SS\u2013H Huang","year":"2007","unstructured":"S.S.\u2013.H. Huang, R. Lychev, J. Yang, Stepping-Stone Detection via Request-Response Traffic Analysis, To Be Published in Lecture Notes in Computer Science (LNCS) by Spring-Verlag, 4th IEEE International Conference on Automatic and Trusted Computing, Hong Kong, China (2007), pp. 276\u2013285"},{"key":"1303_CR15","series-title":"9th International Symposium On Recent Advances In Intrusion Detection (RAID 2006)","volume-title":"Detecting Stepping-Stone Traffic in Chaff: Fundamental Limits and Robust Algorithms","author":"T He","year":"2006","unstructured":"T. He and L. Tong, \u201cDetecting Stepping-Stone Traffic in Chaff: Fundamental Limits and Robust Algorithms\u201d, 9th International Symposium On Recent Advances In Intrusion Detection (RAID 2006), 2006"},{"key":"1303_CR16","series-title":"2009 Fifth International Conference on Information Assurance and Security","doi-asserted-by":"publisher","DOI":"10.1109\/IAS.2009.123","volume-title":"Detecting Stepping-Stone Intruders with Long Connection Chains","author":"W Ding","year":"2009","unstructured":"W. Ding, M. J. Hausknecht, S.-H. S. Huang, and Z. Riggle, \u201cDetecting Stepping-Stone Intruders with Long Connection Chains\u201d, 2009 Fifth International Conference on Information Assurance and Security, 2009"},{"key":"1303_CR17","doi-asserted-by":"crossref","unstructured":"S. S.-H Huang, H. Zhang, and M. Phay, \u201cDetecting Stepping-Stone Intruders by Identifying Crossover Packets in SSH Connections \u201d, the Proceedings of 30th IEEE International Conference on Advanced Information Networking and Applications, Fukuoka, Japan, IEEE proceedings and Digital Library, pp. 1043\u20131050, 2016","DOI":"10.1109\/AINA.2016.132"},{"issue":"3","key":"1303_CR18","doi-asserted-by":"publisher","first-page":"434","DOI":"10.1109\/TDSC.2010.35","volume":"8","author":"X Wang","year":"2011","unstructured":"X. Wang, D. Reeves, Robust correlation of encrypted attack traffic through stepping stones by flow watermarking. IEEE Trans Dependable Secure Comput 8(3), 434\u2013449 (2011)","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"1303_CR19","volume-title":"Proceedings of the International Conference on e-Learning, e-Business, Enterprise Information Systems, and e-Government (EEE), WorldComp","author":"Y Chen","year":"2016","unstructured":"Y. Chen, S. Wang, in Proceedings of the International Conference on e-Learning, e-Business, Enterprise Information Systems, and e-Government (EEE), WorldComp. A novel network flow watermark embedding model for efficient detection of stepping-stone intrusion based on entropy (2016)"},{"key":"1303_CR20","first-page":"515","volume-title":"2018 32nd IEEE International Conference on Advanced Information Networking and Applications Workshops (WAINA)","author":"J Yang","year":"2018","unstructured":"J. Yang, Y. Zhang, R. King, T. Tolbert, in 2018 32nd IEEE International Conference on Advanced Information Networking and Applications Workshops (WAINA). Sniffing and chaffing network traffic in stepping-stone intrusion detection (2018), pp. 515\u2013520"},{"key":"1303_CR21","series-title":"Proceedings of the 4th Usenix Security Symposium","volume-title":"Caller Identification System in the Internet Environment","author":"HT Jung","year":"1993","unstructured":"H.T. Jung et al, \u201cCaller Identification System in the Internet Environment\u201d, Proceedings of the 4th Usenix Security Symposium, 1993"},{"key":"1303_CR22","series-title":"Proceedings of 3rd ACM International Conference on Information Security (Infosecu\u201904), Shanghai, China","first-page":"198","volume-title":"A Real-Time Algorithm to Detect Long Connection Chains of Interactive Terminal Sessions","author":"J Yang","year":"2004","unstructured":"J. Yang, S.-H.S. Huang, A Real-Time Algorithm to Detect Long Connection Chains of Interactive Terminal Sessions, Proceedings of 3rd ACM International Conference on Information Security (Infosecu\u201904), Shanghai, China (2004), pp. 198\u2013203"},{"key":"1303_CR23","unstructured":"S. Snapp et al., \u201cDIDS (Distributed Intrusion Detection System) - Motivation, Architecture, and An Early Prototype\u201d. In Proc. 14th National Computer Security Conference, 1991"},{"key":"1303_CR24","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1109\/90.392383","volume":"3","author":"V Paxson","year":"1995","unstructured":"V. Paxson, S. Floyd, Wide-area traffic: the failure of Poisson modeling. IEEE\/ACM Trans. Networking 3, 226\u2013244 (1995)","journal-title":"IEEE\/ACM Trans. Networking"},{"key":"1303_CR25","series-title":"Proceedings of 19th IEEE International Conference on Advanced Information Networking and Applications (AINA 2005), Taipei, Taiwan, China","first-page":"1005","volume-title":"Matching TCP Packets and Its Application to the Detection of Long Connection Chains","author":"J Yang","year":"2005","unstructured":"J. Yang, S.\u2013.H.S. Huang, Matching TCP Packets and Its Application to the Detection of Long Connection Chains, Proceedings of 19th IEEE International Conference on Advanced Information Networking and Applications (AINA 2005), Taipei, Taiwan, China (2005), pp. 1005\u20131010"},{"key":"1303_CR26","doi-asserted-by":"publisher","DOI":"10.1142\/3641","volume-title":"Introduction to Pattern Recognition: Statistical, Structural, Neural, and Fuzzy Logic Approaches","author":"M Friedman","year":"1999","unstructured":"M. Friedman, A. Kandel, Introduction to Pattern Recognition: Statistical, Structural, Neural, and Fuzzy Logic Approaches (NJ World Scientific Publishing Co., River Edge, London, 1999)"},{"key":"1303_CR27","volume-title":"Algorithms for Clustering Data","author":"A Jain","year":"1988","unstructured":"A. Jain, R. Dubes, Algorithms for Clustering Data (Prentice Hall, Inc., Englewood Cliffs, 1988)"},{"key":"1303_CR28","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4613-0457-9","volume-title":"Mathematical Classification and Clustering","author":"B Mirkin","year":"1996","unstructured":"B. Mirkin, Mathematical Classification and Clustering (Kluwer Academic Publishers, Dordrecht, 1996)"},{"key":"1303_CR29","series-title":"Degree Project in Electrical Engineering, Stockholm, Sweden","volume-title":"Stepping Stone Detection for Tracing Attack Sources in Software-Defined Networks","author":"D Bhattacherjee","year":"2016","unstructured":"Bhattacherjee, Debopam. \u201cStepping Stone Detection for Tracing Attack Sources in Software-Defined Networks\u201d, Degree Project in Electrical Engineering, Stockholm, Sweden (2016)"},{"key":"1303_CR30","series-title":"RFC 3176, IETF","volume-title":"InMon Corporation\u2019s sFlow: A method for monitoring traffic in switched and routed networks","author":"P Phaal","year":"2001","unstructured":"Phaal, P., Panchen, S., and McKee, N., \u201cInMon Corporation\u2019s sFlow: A method for monitoring traffic in switched and routed networks\u201d. RFC 3176, IETF, 2001"}],"container-title":["EURASIP Journal on Wireless Communications and Networking"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13638-018-1303-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1186\/s13638-018-1303-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13638-018-1303-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,12,16]],"date-time":"2019-12-16T10:00:41Z","timestamp":1576490441000},"score":1,"resource":{"primary":{"URL":"https:\/\/jwcn-eurasipjournals.springeropen.com\/articles\/10.1186\/s13638-018-1303-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,12]]},"references-count":30,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2018,12]]}},"alternative-id":["1303"],"URL":"https:\/\/doi.org\/10.1186\/s13638-018-1303-2","relation":{},"ISSN":["1687-1499"],"issn-type":[{"type":"electronic","value":"1687-1499"}],"subject":[],"published":{"date-parts":[[2018,12]]},"assertion":[{"value":"7 August 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 November 2018","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 December 2018","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors declare that they have no competing interests.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}},{"value":"Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Publisher\u2019s Note"}}],"article-number":"276"}}