SSH attacks are a main area of concern for network managers, due to the danger associated with a successful compromise. Detecting these attacks, and possibly compromised victims, is therefore a crucial activity. Most existing network intrusion detection systems designed for this purpose rely on the inspection of individual packets and, hence, do not scale to today's high-speed networks. To overcome this issue, this paper proposes SSHCure, a flow-based intrusion detection system for SSH attacks. It employs an efficient algorithm for the real-time detection of ongoing attacks and allows identification of compromised attack targets. A prototype of the algorithm, including a graphical user interface, is implemented as a plugin for the popular NfSen monitoring tool. Finally, the detection performance of the system is validated with empirical traffic data.