Evading Stepping-Stone Detection with Enough Chaff

Henry Clausen, Michael S. Gibson, David Aspinall

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Stepping-stones are used extensively by attackers to hide their identity and access restricted targets. Many methods have been proposed to detect stepping-stones and resist evasive behaviour, but so far no benchmark dataset exists to provide a fair comparison of detection rates. We propose a comprehensive framework to simulate realistic stepping-stone behaviour that includes effective evasion tools, and release a large dataset, which we use to evaluate detection rates for eight state-of-the-art methods. Our results show that detection results for several methods fall behind the claimed detection rates, even without the presence of evasion tactics. Furthermore, currently no method is capable to reliably detect stepping-stone when the attacker inserts suitable chaff perturbations, disproving several robustness claims and indicating that further improvements of existing detection models are necessary.
Original languageEnglish
Title of host publicationNetwork and System Security
EditorsMirosław Kutyłowski, Jun Zhang, Chao Chen
Place of PublicationCham
PublisherSpringer International Publishing
Number of pages16
ISBN (Electronic)978-3-030-65744-4
ISBN (Print)978-3-030-65744-4
Publication statusPublished - 19 Dec 2020
Event14th International Conference on Network and System Security - Online, Melbourne, Australia
Duration: 25 Nov 202027 Nov 2020

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference14th International Conference on Network and System Security
Abbreviated titleNSS 2020
Internet address


Dive into the research topics of 'Evading Stepping-Stone Detection with Enough Chaff'. Together they form a unique fingerprint.

Cite this