Saptshree Dengle, Dr. Santosh Lomte
Abstract: Network security is complex and challenging problem in today's world. Despite of many sophisticated techniques, attack on the network continues to increase. At present, in order to hide the identity of the attacker, attackers send their attack through a chain of compromised hosts that are used as "stepping stones?. In this paper we present an approach to find the connection chain of an intruder for tracing back to the origin especially if the attack through the traffic is encrypted one. Our approach will based on analyzing correlations of encrypted connection between number of packets sent in outgoing connections and that of the incoming packets in the connection. We proposed a correlation scheme based on watermarking which will be robust against timing perturbation. This approach yields effective better results in terms of number of packets than in existing passive timing based correlation. This paper presents a new method of embedding a watermark in traffic flow. Here for the purpose of embedding the watermark, the packet timing is adjusted for specific intervals. By slightly changing the packet timing, we achieve robust correlation of encrypted network against random timing perturbation.
Keywords: Correlation, IPD, Robustness, Stepping stones, Watermark