Network load is constantly increasing, and high-speed infrastructures (1-10 Gbps) are becoming increasingly common. In this context, flow-based intrusion detection has recently become a promising security mechanism. However, since flows do not provide any information on the content of a communication, it has also become more difficult to establish a ground truth for benchmarking flow-based techniques. One possible approach to overcoming this problem is to use synthetic traffic traces in which the generation of malicious traffic is driven by models. In this paper, we propose a flow time series model of SSH brute-force attacks based on Hidden Markov Models. Our results show that the model successfully emulates an attacker's behavior, generating meaningful flow time series.