When network intruders launch attacks to a victim host, they try to avoid revealing their identities by indirectly connecting to the victim through a sequence of intermediary hosts, called stepping-stones. One effective stepping-stone detection mechanism is to detect such a long connection chain by estimating the number of stepping-stones. Artificial neural networks provide the potential to identify and classify network activities. In this paper, we propose an approach that utilizes the analytical strengths of neural networks to detect stepping-stone intrusion Two schemes are developed for neural network investigation. One uses eight packet variables and the other clusters a sequence of consecutive packet round-trip times The experimental results Show that using neural networks as the detection too[ works well to predict the number of stepping-stones for incoming packets by both proposed schemes through monitoring a connection chain with a few packets. In addition, various transfer functions and learning rules are Studied and it is observed that using Sigmoid transfer function and Delta learning rule generally provides better prediction.

• 出版日期2010-3