%0 Conference Proceedings
%T SSHCure: A Flow-Based SSH Intrusion Detection System
%+ Centre of Telematics and Information Technology (CTIT)
%+ Design and Analysis of Communication Systems (DACS)
%+ University of Twente
%A Hellemons, Laurens
%A Hendriks, Luuk
%A Hofstede, Rick
%A Sperotto, Anna
%A Sadre, Ramin
%A Pras, Aiko
%Z Part 5: Network Security
%< peer-reviewed
%( Lecture Notes in Computer Science
%B 6th International Conference on Autonomous Infrastructure (AIMS)
%C Luxembourg, Luxembourg
%Y Ramin Sadre
%Y Jiří Novotný
%Y Pavel Čeleda
%Y Martin Waldburger
%Y Burkhard Stiller
%I Springer
%3 Dependable Networks and Services
%V LNCS-7279
%P 86-97
%8 2012-06-04
%D 2012
%R 10.1007/978-3-642-30633-4_11
%Z Computer Science [cs]
%Z Computer Science [cs]/Networking and Internet Architecture [cs.NI]
%X SSH attacks are a main area of concern for network managers, due to the danger associated with a successful compromise. Detecting these attacks, and possibly compromised victims, is therefore a crucial activity. Most existing network intrusion detection systems designed for this purpose rely on the inspection of individual packets and, hence, do not scale to today's high-speed networks. To overcome this issue, this paper proposes SSHCure, a flow-based intrusion detection system for SSH attacks. It employs an efficient algorithm for the real-time detection of ongoing attacks and allows identification of compromised attack targets. A prototype of the algorithm, including a graphical user interface, is implemented as a plugin for the popular NfSen monitoring tool. Finally, the detection performance of the system is validated with empirical traffic data.
%G English
%Z TC 6
%Z WG 6.6
%2 https://inria.hal.science/hal-01529782/document
%2 https://inria.hal.science/hal-01529782/file/978-3-642-30633-4_11_Chapter.pdf
%L hal-01529782
%U https://inria.hal.science/hal-01529782
%~ LORIA2
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC6
%~ IFIP-AIMS
%~ IFIP-WG6-6
%~ IFIP-LNCS-7279