SSHCure: A flow-based SSH intrusion detection system

This article is free to access.

Abstract

SSH attacks are a main area of concern for network managers, due to the danger associated with a successful compromise. Detecting these attacks, and possibly compromised victims, is therefore a crucial activity. Most existing network intrusion detection systems designed for this purpose rely on the inspection of individual packets and, hence, do not scale to today's high-speed networks. To overcome this issue, this paper proposes SSHCure, a flow-based intrusion detection system for SSH attacks. It employs an efficient algorithm for the real-time detection of ongoing attacks and allows identification of compromised attack targets. A prototype implementation of the algorithm, including a graphical user interface, is implemented as a plugin for the popular NfSen monitoring tool. Finally, the detection performance of the system is validated with empirical traffic data. © 2012 IFIP International Federation for Information Processing.

Cite

Hellemons, L., Hendriks, L., Hofstede, R., Sperotto, A., Sadre, R., & Pras, A. (2012). SSHCure: A flow-based SSH intrusion detection system. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7279 LNCS, pp. 86–97). https://doi.org/10.1007/978-3-642-30633-4_11
