International Journal of Network Security, Vol.10, No.1, PP.62-74, Jan. 2010. Detecting Connection-Chains: A Data Mining
 

Summary: International Journal of Network Security, Vol.10, No.1, PP.62-74, Jan. 2010
Detecting Connection-Chains: A Data Mining Approach
Ahmad Almulhem and Issa Traore
(Corresponding author: Ahmad Almulhem)
ISOT Research Lab, Department of Electrical and Computer Engineering
University of Victoria, Victoria, B.C., V8W 3P6, Canada
(Email: {almulhem, itraore}@ece.uvic.ca)
(Received Feb. 6, 2008; revised Apr. 23, 2008, and accepted June 9, 2008)
Abstract
A connection-chain refers to a mechanism in which someone recursively logs into a host, then from there logs into another host, and so on. Connection-chains represent an important vector in many security attacks, so it is essential to be able to detect them. In this paper, we propose a host-based algorithm to detect them. We adopt a black-box approach by passively monitoring inbound and outbound packets at a host, and analyzing the observed packets using association rule mining. We first explain the proposed algorithm in greater detail, then

  

Source: Almulhem, Ahmad - Computer Engineering Department, King Fahd University of Petroleum and Minerals

 

Collections: Computer Technologies and Information Sciences