Detecting Connection-Chains: A Data Mining Approach

Executive Summary

A connection-chain refers to a mechanism in which someone recursively logs into a host, then from there logs into another host, and so on. Connection-chains represent an important vector in many security attacks, so it is essential to be able to detect them. In this paper, the authors propose a host-based algorithm to detect them. They adopt a black-box approach by passively monitoring inbound and outbound packets at a host, and analyzing the observed packets using association rule mining.

  • Format: PDF
  • Size: 222.6 KB