A SURVEY OF RESEARCH IN STEPPING-STONE DETECTION

Stepping-stone is a method that directs network connections from an attacker to a victim through one or more intermediate compromised systems or devices. The objective of this scheme is to hide the attacker’s identity (provide anonymity) and make traceback either difficult or impossible. Evasion techniques that are used to hide this process include encryption, introduction of dummy packets (chaff) into the stream, introducing delay into the timing of the packet stream, using multiple compromised hosts in long connection chains (many hops), and intermixing command and control traffic with multimedia traffic to mask traffic characteristics. This paper provides a survey that focuses on characteristic based, interactive stepping-stone detection and analysis techniques. An overview of the field of research is presented with critique of some of the methods used. We also provide some interesting topics for additional research.