Abstract : SSH attacks are a main area of concern for network managers, due to the danger associated with a successful compromise. Detecting these attacks, and possibly compromised victims, is therefore a crucial activity. Most existing network intrusion detection systems designed for this purpose rely on the inspection of individual packets and, hence, do not scale to today’s high-speed networks. To overcome this issue, this paper proposes SSHCure, a flow-based intrusion detection system for SSH attacks. It employs an efficient algorithm for the real-time detection of ongoing attacks and allows identification of compromised attack targets. A prototype implementation of the algorithm, including a graphical user interface, is implemented as a plugin for the popular NfSen monitoring tool. Finally, the detection performance of the system is validated with empirical traffic data.
Type de document :
Communication dans un congrès
Ramin Sadre; Jiří Novotný; Pavel Čeleda; Martin Waldburger; Burkhard Stiller. 6th International Conference on Autonomous Infrastructure (AIMS), Jun 2012, Luxembourg, Luxembourg. Springer, Lecture Notes in Computer Science, LNCS-7279, pp.86-97, 2012, Dependable Networks and Services. 〈10.1007/978-3-642-30633-4_11〉
https://hal.inria.fr/hal-01529782
Contributeur : Hal Ifip
<>
Soumis le : mercredi 31 mai 2017 - 13:17:45
Dernière modification le : jeudi 1 juin 2017 - 01:09:01
Document(s) archivé(s) le : mercredi 6 septembre 2017 - 16:09:00
Laurens Hellemons, Luuk Hendriks, Rick Hofstede, Anna Sperotto, Ramin Sadre, et al.. SSHCure: A Flow-Based SSH Intrusion Detection System. Ramin Sadre; Jiří Novotný; Pavel Čeleda; Martin Waldburger; Burkhard Stiller. 6th International Conference on Autonomous Infrastructure (AIMS), Jun 2012, Luxembourg, Luxembourg. Springer, Lecture Notes in Computer Science, LNCS-7279, pp.86-97, 2012, Dependable Networks and Services. 〈10.1007/978-3-642-30633-4_11〉. 〈hal-01529782〉
