SSHCure: A Flow-Based SSH Intrusion Detection System [chapter]

Laurens Hellemons, Luuk Hendriks, Rick Hofstede, Anna Sperotto, Ramin Sadre, Aiko Pras
2012 Lecture Notes in Computer Science  
To overcome this issue, this paper proposes SSHCure, a flow-based intrusion detection system for SSH attacks.  ...  Most existing network intrusion detection systems designed for this purpose rely on the inspection of individual packets and, hence, do not scale to today's high-speed networks.  ...  The goal of the present paper is to design and implement a flow-based intrusion detection system for brute-force SSH attacks.  ... 
doi:10.1007/978-3-642-30633-4_11 fatcat:yr2jjq44cbbchiicjw7in7f3we

SSH Compromise Detection using NetFlow/IPFIX

Rick Hofstede, Luuk Hendriks, Anna Sperotto, Aiko Pras
2014 Computer communication review  
Flow-based approaches for SSH intrusion detection have been developed to overcome the scalability issues of host-based alternatives.  ...  Although the detection of many SSH attacks in a flow-based fashion is fairly straightforward, no insight is typically provided in whether an attack was successful.  ...  First and least error prone is a host-based approach, where log files can be inspected and Intrusion Detection Systems (IDSs) installed.  ... 
doi:10.1145/2677046.2677050 fatcat:v6k62n3p3zcwnoqqe4fzjcy464

Flow-Based Compromise Detection: Lessons Learned

Rick Hofstede, Aiko Pras, Anna Sperotto, Gabi Dreo Rodosek
2018 IEEE Security and Privacy  
Traditionally, security monitoring is performed in a host-based fashion by running intrusion detection systems (IDSs) on networked devices.  ...  SSHCure has a strong focus on detecting the three attack phases and was the first flow-based IDS that could report on compromises.  ... 
doi:10.1109/msp.2018.1331021 fatcat:7ekqioqi4zelvekw3afw365k7i

Unveiling flat traffic on the Internet: An SSH attack case study

Mattijs Jonker, Rick Hofstede, Anna Sperotto, Aiko Pras
2015 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM)  
The characteristic flat behavior is used by many Intrusion Detection Systems (IDSes), both for identifying the presence of attacks and - once detected - for observing deviations, pointing out potential compromises  ...  To do so, we have developed a flow exporter extension that was deployed in both a campus and a backbone network.  ...  The problem of having every packet in a flow accounted in the same way recently became apparent in our flow-based SSH Intrusion Detection System (IDS) SSHCure [6]. SSHCure is able to identify network  ... 
doi:10.1109/inm.2015.7140301 dblp:conf/im/JonkerHSP15 fatcat:my3j2k4pxfd5tdizcmdqw3c33a

Detection of Severe SSH Attacks Using Honeypot Servers and Machine Learning Techniques

Gokul Kannan Sadasivam, Chittaranjan Hota, Bhojan Anand
2017 Software Networking  
In this paper, we detect a compromised SSH session that is carrying out malicious activities. We use a flow-based approach and machine learning techniques to detect a compromised session.  ...  In a flow-based approach, individual packets are not scrutinised. Hence, it works better on a high-speed network. The data is extracted from a distributed honeypot.  ...  This model is used in their research project to build a detection tool called SSHCure [4, 10]. SSHCure is a plugin for the NfSen (NetFlow Sensor) tool [14].  ... 
doi:10.13052/jsn2445-9739.2017.005 fatcat:trpud7fnjrgkvflyqdwxzci2wu

Detection of Severe SSH Attacks Using Honeypot Servers and Machine Learning Techniques

Gokul Kannan Sadasivam, Chittaranjan Hota, Bhojan Anand
2017 Convergence Security  
In this paper, we detect a compromised SSH session that is carrying out malicious activities. We use a flow-based approach and machine learning techniques to detect a compromised session.  ...  In a flow-based approach, individual packets are not scrutinised. Hence, it works better on a high-speed network. The data is extracted from a distributed honeypot.  ...  This model is used in their research project to build a detection tool called SSHCure [4, 10]. SSHCure is a plugin for the NfSen (NetFlow Sensor) tool [14].  ... 
doi:10.13052/jcs2445-9992.2017.001 fatcat:xnuxyi6d7ncrhdof72ljbb7jsm

A Survey of Network-based Intrusion Detection Data Sets [article]

Markus Ring and Sarah Wunderlich and Deniz Scheuring and Dieter Landes and Andreas Hotho
2019 arXiv   pre-print
Labeled data sets are necessary to train and evaluate anomaly-based network intrusion detection systems.  ...  This work provides a focused literature survey of data sets for network-based intrusion detection and describes the underlying packet- and flow-based network data in detail.  ...  SSHCure [70]. Hofstede et al. [70] propose SSHCure, a tool for SSH attack detection.  ... 
arXiv:1903.02460v1 fatcat:u2tphoibebhmplo34xnxim5mna

De-identification Mechanism of Block Network Image Privacy Information based on Risk Level

Jinsu Kim, Sungwook Jung, Sangik Oh, Won-Chi Jung, Doik Hyun, Yujin Jung, Eunsun Choi, Namje Park
2021 Advances in dynamical systems and applications (ADSA)  
SSHCure: A Flow-Based SSH Intrusion Detection System, IFIP International Conference on Autonomous Infrastructure, Management and Security, 86-97. [8] Namje Park (2018).  ...  A novel Machine Learning-based approach for the detection of SSH botnet infection, Future Generation Computer Systems. [6] Jinsu Kim & Namje Park (2020) Blockchain-Based Data-Preserving AI Learning  ... 
doi:10.37622/adsa/16.1.2021.171-179 fatcat:z462p2gmyza2jfdvbqlmewi6km

IoT-Botnet Detection and Isolation by Access Routers

Christian Dietz, Raphael Labaca Castro, Jessica Steinberger, Cezary Wilczak, Marcel Antzek, Anna Sperotto, Aiko Pras
2018 2018 9th International Conference on the Network of the Future (NOF)  
The goal of this paper is to present an IoT botnet detection and isolation approach at the level of access routers that makes IoT devices more attack resilient.  ...  We show that our IoT botnet detection and isolation approach helps to prevent the compromise of IoT devices without the need to have in-depth technical administration knowledge, and hence make it viable  ...  ACKNOWLEDGMENT We thank the chair for Communication Systems and Network Security at the Bundeswehr University Munichen, Prof.  ... 
doi:10.1109/nof.2018.8598138 dblp:conf/nof/DietzCSWASP18 fatcat:gesl2l6tcfbcdopbffq24glqeq

Acceleration of Intrusion Detection in Encrypted Network Traffic Using Heterogeneous Hardware

Eva Papadogiannaki, Sotiris Ioannidis
2021 Sensors  
In this work, we present HeaderHunter, a fast signature-based intrusion detection system even for encrypted network traffic.  ...  Common applications for DPI include but are not limited to firewalls, intrusion detection and prevention systems, L7 filtering, and packet forwarding.  ...  Hellmons et al. proposed SSHCure [51], a flow-based intrusion detection system for SSH attacks, while Foroushani et al.  ... 
doi:10.3390/s21041140 pmid:33562000 fatcat:cfsytoioujeohglyusbem76ygy

Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX

Rick Hofstede, Pavel Celeda, Brian Trammell, Idilio Drago, Ramin Sadre, Anna Sperotto, Aiko Pras
2014 IEEE Communications Surveys and Tutorials  
Flow monitoring has become a prevalent method for monitoring traffic in high-speed networks.  ...  By focusing on the analysis of flows, rather than individual packets, it is often said to be more scalable than traditional packet-based traffic analysis.  ...  This work was partly funded by FLAMINGO, a Network of Excellence project (ICT-318488) supported by the European Commission under its Seventh Framework Programme.  ... 
doi:10.1109/comst.2014.2321898 fatcat:eefcoigarrfwhkikqiib2svvga

Implementación de los sistemas de gestión de la red en dos universidades americanas

Manuel José Linares Alvaro, Ligia Sánchez Parrales, Kleber Germiniano Marcillo Parrales
2018 Sinapsis  
Currently, as a result of this work, both the University of Granma and ITSUP, have a system to monitor the network that has contributed to a significant decrease in interruption times due to service failure  ...  , using free software, is also intended to demonstrate the feasibility of implementing a management system in any institution.  ...  Plugins such as SSHcure have been installed on this powerful tool; it shows reconnaissance activity carried out against the network in search of open SSH services, over preceding periods of 24 hours or more  ... 
doi:10.37117/s.v2i11.125 fatcat:kfvuchmg6zaqfpr4jwfycico3i