Date Added: Jan 2010
A connection-chain refers to a mechanism in which some-one recursively logs into a host, then from there logs into another host, and so on. Connection-chains represent an important vector in many security attacks, so it is essential to be able to detect them. In this paper, the authors propose a host-based algorithm to detect them. They adopt a black-box approach by passively monitoring inbound and outbound packets at a host, and analyzing the observed packets using association rule mining.