Detecting Backdoors (2000)  (5 citations)
Yin Zhang, Vern Paxson
Proc. 9th USENIX Security Symposium



From: aciri.org/vern/papers
Abstract: Backdoors are often installed by attackers who have compromised a system to ease their subsequent return to the system. We consider the problem of identifying a large class of backdoors, namely those providing interactive access on nonstandard ports, by passively monitoring a site's Internet access link. We develop a general algorithm for detecting interactive traffic based on packet size and timing characteristics, and a set of protocol-specific algorithms that look for signatures distinctive...

Context of citations to this paper:

.... in the SSH protocol [YKS 00a]. It is easy to identify such a nested SSH connection using techniques developed by Zhang and Paxson [ZP00b, ZP00a]. Hence in this case the eavesdropper can easily identify the packets corresponding to the user's password on link A B, and from...

...power of the adversary. However, we do allow occasional break-ins through factors such as insecure OS, software bugs and backdoors [17], etc. When a networking node is compromised, all its information, public or private, is exposed to the adversary. These information...

Cited by:
Detecting HTTP Tunneling Activities - Pack, Streilein, Webster, Cunningham (2002)
An analysis of Internet chat systems - Dewes, Wichmann, Feldmann (2003)
Intrusion Detection: A Bibliography - Mé, Michel (2001)

Active bibliography (related documents):
3.9:   Detecting Backdoors - Zhang, Paxson (2000)
0.3:   Detecting Stepping Stones - Zhang, Paxson (2000)
0.3:   D-WARD: Source-End Defense Against Distributed Denial-of-Service .. - Mirkovic (2003)

Similar documents based on text:
0.3:   Estimating Router ICMP Generation Delays - Ramesh Govindan And (2002)
0.3:   How to 0wn the Internet in Your Spare Time - Staniford, Paxson, Weaver (2002)
0.2:   Preliminary Results Using Scale-Down to Explore Worm.. - Weaver, Hamadeh.. (2004)

Related documents from co-citation:
3:   Bro: A System for Detecting Network Intruders in Real-Time - Paxson - 1998
2:   PNrule: A New Framework for Learning Classifier Models in Data Mining - Agarwal, Joshi - 2000
2:   Synthesizing Fast Intrusion Prevention/Detection System from High Level Specifica.. - Uppuluri, Intrusion et al. - 1999

BibTeX entry:

Yin Zhang and Vern Paxson. Detecting backdoors. In Proc. of 9th USENIX Security Symposium, August 2000. http://citeseer.ist.psu.edu/article/zhang00detecting.html

@inproceedings{ zhang00detecting,
  author = "Yin Zhang and Vern Paxson",
  title = "Detecting Backdoors",
  booktitle = {Proc. 9th USENIX Security Symposium},
  month = {aug},
  year = {2000},
  pages = "157--170",
  url = "citeseer.ist.psu.edu/article/zhang00detecting.html" }
Citations (may not include all citations):
610   Wide-Area Traffic: The Failure of Poisson Modeling - Paxson, Floyd - 1995
215   Simple Mail Transfer Protocol - Postel - 1982
123   Bro: A System for Detecting Network Intruders in Real-Time - Paxson - 1998
87   Telnet Protocol Specification - Postel, Reynolds - 1983
76   An Empirical Workload Model for Driving Wide-area TCP/IP Net.. - Danzig, Jamin et al. - 1992
53   File Transfer Protocol (FTP) - Postel, Reynolds - 1985
29   Insertion, Evasion, and Denial of Service: Eluding Network I.. - Ptacek, Newsham - 1998
15   SSH Transport Layer Protocol - Ylonen, Kivinen et al. - 2000
14   Telnet Option Specifications - Postel, Reynolds - 1983
9   BSD Rlogin - Kantor - 1991
8   Internet Message Access Protocol - Version 4 - Crispin - 1994
6   Telnet Linemode Option - Borman - 1990
5   A Guide to Understanding Covert Channel Analysis of Trusted .. - Gligor - 1993
4   Using Bottleneck Verification to Find Novel New Attacks with.. - Lippmann, Wyschogrod et al. - 1998
3   LOKI2 (the implementation - route, com - 1997
2   How to get around a Napster blockade - Weekly - 2000
2   RE: Bypassing firewall - Ranum - 2000
2   CERT Vulnerability Note VN - Vulnerability, http et al. - 1998
2   MPEG Audio Layer I/II/III frame header - Bouvigne - 2000
1   The Consumer Internet Steamroller - Harrow - 2000



Documents on the same site (http://www.aciri.org/vern/papers.html):
End-to-End Internet Packet Dynamics - Paxson (1997)
Detecting Stepping Stones - Zhang, Paxson (2000)
Experiences with NIMI - Paxson, Adams, Mathis (2000)

CiteSeer.IST - Copyright Penn State and NEC