ABSTRACT: Network-based intruders seldom attack their victims directly from their own computer. Often, they stage their attacks through intermediate “stepping stones” in order to conceal their identity and origin. To distinguish the source of the attack behind the stepping stone(s), it is important to associate the incoming and outgoing flows or connections of a stepping […]