Today’s intruders usually send attacking commands to a target system through several stepping-stone hosts, in order to reduce the chance of being detected. With stepping-stone intrusion (SSI), the intruder’s identity is hidden behind a long interactive chain of hosts and very hard to detect. An effective approach for SSI detection (SSID) is to estimate the length of the chain. This type of method is called network-based SSID. Most existing network-based SSID worked effectively only when intruders’ session manipulation was not present. These known SSID algorithms are either weak to resist intruders’ chaff-perturbation manipulation or having very limited capability in resisting attacker’s session manipulation. This paper develops a novel network-based SSID algorithm resistant to intruders’ chaff-perturbation by using packet crossover. Our proposed SSID algorithm is simple and easy to implement as the number of packet crossovers can be easily computed. We conduct rigorous technical proofs to verify the correctness of our proposed algorithm. The experimental results show that our proposed SSID algorithm works effectively and perfectly in resisting intruders’ chaff-perturbation up to 50% chaff rate.