SSHCure: a flow-based SSH intrusion detection system

Authors:
Laurens Hellemons;Luuk Hendriks;Rick Hofstede;Anna Sperotto;Ramin Sadre;Aiko Pras
Affiliations:
Centre for Telematics and Information Technology (CTIT) Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Design and Analysis of Communication Systems (DACS), University ...;Centre for Telematics and Information Technology (CTIT) Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Design and Analysis of Communication Systems (DACS), University ...;Centre for Telematics and Information Technology (CTIT) Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Design and Analysis of Communication Systems (DACS), University ...;Centre for Telematics and Information Technology (CTIT) Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Design and Analysis of Communication Systems (DACS), University ...;Centre for Telematics and Information Technology (CTIT) Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Design and Analysis of Communication Systems (DACS), University ...;Centre for Telematics and Information Technology (CTIT) Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Design and Analysis of Communication Systems (DACS), University ...
Venue:
AIMS'12 Proceedings of the 6th IFIP WG 6.6 international autonomous infrastructure, management, and security conference on Dependable Networks and Services
Year:
2012

Citing 5
Cited 0

Network-Based Dictionary Attack Detection

ICFN '09 Proceedings of the 2009 International Conference on Future Networks
SURFmap: a network monitoring tool based on the maps API

IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
Hidden Markov Model Modeling of SSH Brute-Force Attacks

DSOM '09 Proceedings of the 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Integrated Management of Systems, Services, Processes and People in IT
Security system for encrypted environments (S2E2)

RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
An Overview of IP Flow-Based Intrusion Detection

IEEE Communications Surveys & Tutorials

Quantified Score

Hi-index	0.00

Visualization

Abstract

SSH attacks are a main area of concern for network managers, due to the danger associated with a successful compromise. Detecting these attacks, and possibly compromised victims, is therefore a crucial activity. Most existing network intrusion detection systems designed for this purpose rely on the inspection of individual packets and, hence, do not scale to today's high-speed networks. To overcome this issue, this paper proposes SSHCure, a flow-based intrusion detection system for SSH attacks. It employs an efficient algorithm for the real-time detection of ongoing attacks and allows identification of compromised attack targets. A prototype implementation of the algorithm, including a graphical user interface, is implemented as a plugin for the popular NfSen monitoring tool. Finally, the detection performance of the system is validated with empirical traffic data.