Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
IJNSEC
2010
2010
Detecting Connection-Chains: A Data Mining Approach
A connection-chain refers to a mechanism in which someone recursively logs into a host, then from there logs into another host, and so on. Connection-chains represent an important vector in many security attacks, so it is essential to be able to detect them. In this paper, we propose a host-based algorithm to detect them. We adopt a black-box approach by passively monitoring inbound and outbound packets at a host, and analyzing the observed packets using association rule mining. We first explain the proposed algorithm in greater details, then evaluations are presented to demonstrate its efficiency and detection capabilities. We conduct the evaluation using public network traces, and show that by appropriately setting underlying parameters we can achieve perfect detection, meaning a true positive rate (TPR) of 100% and a false positive rate (FPR) of 0%.
Real-time Traffic| Added | 18 May 2011 |
| Updated | 18 May 2011 |
| Type | Journal |
| Year | 2010 |
| Where | IJNSEC |
| Authors | Ahmad Almulhem, Issa Traoré |
Comments (0)
Researcher Info
|
