Change search
ReferencesLink to record
Permanent link

Direct link
Stepping Stone Detection for Tracing Attack Sources in Software-Defined Networks
KTH, School of Information and Communication Technology (ICT).
2016 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Stepping stones are compromised hosts in a network which can be used by hackers and other malicious attackers to hide the origin of connections. Attackers hop from one compromised host to another to form a chain of stepping stones before launching attack on the actual victim host. Various timing and content based detection techniques have been proposed in the literature to trace back through a chain of stepping stones in order to identify the attacker. This has naturally led to evasive strategies such as shaping the trac di erently at each hop. The evasive techniques can also be detected. Our study aims to adapt some of the existing stepping stone detection and antievasion techniques to software-dened networks which use network function virtualization. We have implemented the stepping-stone detection techniques in a simulated environment and use sFlow for the trac monitoring at the switches. We evaluate the detection algorithms on di erent network topologies and analyze the results to gain insight on the e ectiveness of the detection mechanisms. The selected detection techniques work well on relatively high packet sampling rates. However, new solutions will be needed for large SDN networks where the packet sampling rate needs to be lower.

Place, publisher, year, edition, pages
2016. , 68 p.
Keyword [en]
Stepping stone attack, Software-dened networking, Network
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
URN: urn:nbn:se:kth:diva-190121OAI: diva2:951616
Subject / course
Electrical Engineering
Educational program
Master of Science -Security and Mobile Computing
Available from: 2016-08-09 Created: 2016-08-09 Last updated: 2016-08-11Bibliographically approved

Open Access in DiVA

fulltext(1248 kB)17 downloads
File information
File name FULLTEXT02.pdfFile size 1248 kBChecksum SHA-512
Type fulltextMimetype application/pdf

By organisation
School of Information and Communication Technology (ICT)
Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 20 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 39 hits
ReferencesLink to record
Permanent link

Direct link