SSHCure: A Flow-Based SSH Intrusion Detection System
[chapter]
2012
Lecture Notes in Computer Science
To overcome this issue, this paper proposes SSHCure, a flow-based intrusion detection system for SSH attacks. ...
Most existing network intrusion detection systems designed for this purpose rely on the inspection of individual packets and, hence, do not scale to today's high-speed networks. ...
The goal of the present paper is to design and implement a flow-based intrusion detection system for brute-force SSH attacks. ...
doi:10.1007/978-3-642-30633-4_11
fatcat:yr2jjq44cbbchiicjw7in7f3we
SSH Compromise Detection using NetFlow/IPFIX
2014
Computer communication review
Flow-based approaches for SSH intrusion detection have been developed to overcome the scalability issues of host-based alternatives. ...
Although the detection of many SSH attacks in a flow-based fashion is fairly straightforward, no insight is typically provided in whether an attack was successful. ...
First and least error prone is a host-based approach, where log files can be inspected and Intrusion Detection Systems (IDSs) installed. ...
doi:10.1145/2677046.2677050
fatcat:v6k62n3p3zcwnoqqe4fzjcy464
Flow-Based Compromise Detection: Lessons Learned
2018
IEEE Security and Privacy
Traditionally, security monitoring is performed in a host-based fashion by running intrusion detection systems (IDSs) on networked devices. ...
SSHCure has a strong focus on detecting the three attack phases and was the first flow-based IDS that could report on compromises. ...
doi:10.1109/msp.2018.1331021
fatcat:7ekqioqi4zelvekw3afw365k7i
Unveiling flat traffic on the Internet: An SSH attack case study
2015
2015 IFIP/IEEE International Symposium on Integrated Network Management (IM)
The characteristic flat behavior is used by many Intrusion Detection Systems (IDSes), both for identifying the presence of attacks and (once detected) for observing deviations, pointing out potential compromises ...
To do so, we have developed a flow exporter extension that was deployed in both a campus and a backbone network. ...
The problem of having every packet in a flow accounted in the same way recently became apparent in our flow-based SSH Intrusion Detection System (IDS) SSHCure [6]. SSHCure is able to identify network ...
doi:10.1109/inm.2015.7140301
dblp:conf/im/JonkerHSP15
fatcat:my3j2k4pxfd5tdizcmdqw3c33a
Detection of Severe SSH Attacks Using Honeypot Servers and Machine Learning Techniques
2017
Software Networking
In this paper, we detect a compromised SSH session that is carrying out malicious activities. We use flow-based approach and machine learning techniques to detect a compromised session. ...
In a flow-based approach, individual packets are not scrutinised. Hence, it works better on a high-speed network. The data is extracted from a distributed honeypot. ...
This model is used in their research project to build a detection tool called SSHCure [4, 10]. SSHCure is a plugin for the NfSen (NetFlow Sensor) tool [14]. ...
doi:10.13052/jsn2445-9739.2017.005
fatcat:trpud7fnjrgkvflyqdwxzci2wu
Detection of Severe SSH Attacks Using Honeypot Servers and Machine Learning Techniques
2017
Convergence Security
In this paper, we detect a compromised SSH session that is carrying out malicious activities. We use flow-based approach and machine learning techniques to detect a compromised session. ...
In a flow-based approach, individual packets are not scrutinised. Hence, it works better on a high-speed network. The data is extracted from a distributed honeypot. ...
This model is used in their research project to build a detection tool called SSHCure [4, 10]. SSHCure is a plugin for the NfSen (NetFlow Sensor) tool [14]. ...
doi:10.13052/jcs2445-9992.2017.001
fatcat:xnuxyi6d7ncrhdof72ljbb7jsm
A Survey of Network-based Intrusion Detection Data Sets
[article]
2019
arXiv
pre-print
Labeled data sets are necessary to train and evaluate anomaly-based network intrusion detection systems. ...
This work provides a focused literature survey of data sets for network-based intrusion detection and describes the underlying packet- and flow-based network data in detail. ...
SSHCure [70]. Hofstede et al. [70] propose SSHCure, a tool for SSH attack detection. ...
arXiv:1903.02460v1
fatcat:u2tphoibebhmplo34xnxim5mna
De-identification Mechanism of Block Network Image Privacy Information based on Risk Level
2021
Advances in dynamical systems and applications (ADSA)
SSHCure: A Flow-Based SSH Intrusion Detection System, IFIP International Conference on Autonomous Infrastructure, Management and Security, 86-97. [8] Namje Park (2018). ...
A novel Machine Learning-based approach for the detection of SSH botnet infection, Future Generation Computer Systems. [6] Jinsu Kim & Namje Park (2020) Blockchain-Based Data-Preserving AI Learning ...
doi:10.37622/adsa/16.1.2021.171-179
fatcat:z462p2gmyza2jfdvbqlmewi6km
IoT-Botnet Detection and Isolation by Access Routers
2018
2018 9th International Conference on the Network of the Future (NOF)
The goal of this paper is to present an IoT botnet detection and isolation approach at the level of access routers that makes IoT devices more attack resilient. ...
We show that our IoT botnet detection and isolation approach helps to prevent the compromise of IoT devices without the need to have in-depth technical administration knowledge, and hence make it viable ...
ACKNOWLEDGMENT We thank the chair for Communication Systems and Network Security at the Bundeswehr University Munichen, Prof. ...
doi:10.1109/nof.2018.8598138
dblp:conf/nof/DietzCSWASP18
fatcat:gesl2l6tcfbcdopbffq24glqeq
Acceleration of Intrusion Detection in Encrypted Network Traffic Using Heterogeneous Hardware
2021
Sensors
In this work, we present HeaderHunter, a fast signature-based intrusion detection system even for encrypted network traffic. ...
Common applications for DPI include but are not limited to firewalls, intrusion detection and prevention systems, L7 filtering, and packet forwarding. ...
Hellmons et al. proposed SSHCure [51], a flow-based intrusion detection system for SSH attacks, while Foroushani et al. ...
doi:10.3390/s21041140
pmid:33562000
fatcat:cfsytoioujeohglyusbem76ygy
Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX
2014
IEEE Communications Surveys and Tutorials
Flow monitoring has become a prevalent method for monitoring traffic in high-speed networks. ...
By focusing on the analysis of flows, rather than individual packets, it is often said to be more scalable than traditional packet-based traffic analysis. ...
This work was partly funded by FLAMINGO, a Network of Excellence project (ICT-318488) supported by the European Commission under its Seventh Framework Programme. ...
doi:10.1109/comst.2014.2321898
fatcat:eefcoigarrfwhkikqiib2svvga
Implementación de los sistemas de gestión de la red en dos universidades americanas
2018
Sinapsis
Currently, as a result of this work, both the University of Granma and ITSUP, have a system to monitor the network that has contributed to a significant decrease in interruption times due to service failure ...
, using free software, is also intended to demonstrate the feasibility of implementing a management system in any institution. ...
Plugins such as SSHcure, which shows reconnaissance activity carried out against the network in search of open SSH services over previous periods of 24 hours or more, have been installed on this powerful tool ...
doi:10.37117/s.v2i11.125
fatcat:kfvuchmg6zaqfpr4jwfycico3i