Detecting Long Connection Chains of Interactive Terminal Sessions

@inproceedings{Yung2002DetectingLC,
  title={Detecting Long Connection Chains of Interactive Terminal Sessions},
  author={Kwong H. Yung},
  booktitle={RAID},
  year={2002}
}
To elude detection and capture, hackers chain many computers together to attack the victim computer from a distance. This report proposes a new strategy for detecting suspicious remote sessions, used as part of a long connection chain. Interactive terminal sessions behave differently on long chains than on direct connections. The time gap between a client request and the server delayed acknowledgment estimates the round-trip time to the nearest server. Under the same conditions, the time gap… CONTINUE READING
Highly Cited
This paper has 63 citations. REVIEW CITATIONS

4 Figures & Tables

Topics

Statistics

0510'05'07'09'11'13'15'17
Citations per Year

63 Citations

Semantic Scholar estimates that this publication has 63 citations based on the available data.

See our FAQ for additional information.