Modeling and analysis of stepping stone attacks

David M. Nicol, Vikas Mallapura

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Computer exploits often involve an attacker being able to compromise a sequence of hosts, creating a chain of 'stepping stones' from his source to ultimate target. Stepping stones are usually necessary to access well-protected resources, and also serve to mask the attacker's location. This paper describes means of constructing models of networks and the access control mechanisms they employ to approach the problem of finding which stepping stone paths are easiest for an attacker to find. While the simplest formulation of the problem can be addressed with deterministic shortest-path algorithms, we argue that consideration of what and how an attacker may (or may not) launch from a compromised host pushes one towards solutions based on Monte Carlo sampling. We describe the sampling algorithm and some preliminary results obtained using it.

Original languageEnglish (US)
Title of host publicationProceedings of the 2014 Winter Simulation Conference, WSC 2014
EditorsAndreas Tolk, Levent Yilmaz, Saikou Y. Diallo, Ilya O. Ryzhov
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages12
ISBN (Electronic)9781479974863
StatePublished - Jan 23 2015
Event2014 Winter Simulation Conference, WSC 2014 - Savannah, United States
Duration: Dec 7 2014Dec 10 2014

Publication series

NameProceedings - Winter Simulation Conference
ISSN (Print)0891-7736


Other2014 Winter Simulation Conference, WSC 2014
Country/TerritoryUnited States

ASJC Scopus subject areas

  • Software
  • Modeling and Simulation
  • Computer Science Applications


Dive into the research topics of 'Modeling and analysis of stepping stone attacks'. Together they form a unique fingerprint.

Cite this