I have the suspicion my system gets hacked, as I found one ssh session established to an unknown user. Please give your opinion whether am I right to doubt about the security of my system. What checks should I run?
My system has been up and running for ~3months with ssh and some other ports open to receive traffic.  

tcp        0      0 192.168.1.9:ssh         92.48.70.236:43214      SYN_RECV   
tcp        0      0 192.168.1.9:ssh         192.168.1.4:38755       ESTABLISHED
tcp        0      0 192.168.1.9:ssh         92.48.70.236:42746      CLOSE_WAIT 
tcp        0      0 192.168.1.9:ssh         92.48.70.236:33846      TIME_WAIT  
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ]         DGRAM                    980      @/org/kernel/udev/udevd
unix  3      [ ]         STREAM     CONNECTED     368421   
unix  3      [ ]         STREAM     CONNECTED     368420   
tcp        0      0 192.168.1.9:ssh         192.168.1.4:38755       ESTABLISHED
tcp        0    720 192.168.1.9:ssh         92.48.70.236:38074      ESTABLISHED
tcp        0      0 192.168.1.9:ssh         92.48.70.236:56129      TIME_WAIT