P. Balland, An Analysis of, Network Beaconing Activity for Incident Response, 2008.

D. Dasgupta, CIDS: An agent-based intrusion detection system. Computers & Security 24, pp.387-398, 2005.
DOI : 10.1016/j.cose.2005.01.004

L. Hellemons, . Hendriks, . Luuk, R. J. Hofstede, A. Sperotto et al., SSHCure: A Flow-Based SSH Intrusion Detection System, Proceedings of the 6th International Conference on Autonomous Infrastructure, Management, and Security, pp.86-97, 2012.
DOI : 10.1007/978-3-642-30633-4_11
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.643.997

M. Husák and M. Dra?ar, Flow-based Monitoring of Honeypots, Proceedings of 7th International Conference on Security and Protection of Information, 2013.

A. J. Menezes, P. C. Van-oorschot, S. A. Vanstone, and R. L. Rivest, Identification and Entity Authentication, Boca Raton, 1997.
DOI : 10.1201/9781439821916.ch10

C. Seifert, Analyzing Malicious SSH Login Attempts, 2006.

A. Sperotto, G. Schaffrath, R. Sadre, C. Morariu, A. Pras et al., An Overview of IP Flow-Based Intrusion Detection, IEEE Communications Surveys & Tutorials, vol.12, issue.3, p.343356, 2010.
DOI : 10.1109/SURV.2010.032210.00054

J. L. Thames, R. Abler, and D. Keeling, A Distributed Active Response Architecture for Preventing SSH Dictionary Attacks, p.8489, 2008.

M. Vizváry and J. Vykopal, Flow-based Detection of RDP Brute-force Attacks, Proceedings of 7th International Conference on Security and Protection of Information, 2013.

J. Vykopal, A Flow-Level Taxonomy and Prevalence of Brute Force Attacks, Advances in Computing and Communications, pp.666-675, 2011.
DOI : 10.1109/SURV.2010.032210.00054