Conference papers

SSHCure: A Flow-Based SSH Intrusion Detection System

Abstract : SSH attacks are a main area of concern for network managers, due to the danger associated with a successful compromise. Detecting these attacks, and possibly compromised victims, is therefore a crucial activity. Most existing network intrusion detection systems designed for this purpose rely on the inspection of individual packets and, hence, do not scale to today’s high-speed networks. To overcome this issue, this paper proposes SSHCure, a flow-based intrusion detection system for SSH attacks. It employs an efficient algorithm for the real-time detection of ongoing attacks and allows identification of compromised attack targets. A prototype implementation of the algorithm, including a graphical user interface, is implemented as a plugin for the popular NfSen monitoring tool. Finally, the detection performance of the system is validated with empirical traffic data.

Contributor : Hal Ifip
Submitted on : Wednesday, May 31, 2017 - 1:17:45 PM
Last modification on : Thursday, June 1, 2017 - 1:09:01 AM
Long-term archiving on : Wednesday, September 6, 2017 - 4:09:00 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Laurens Hellemons, Luuk Hendriks, Rick Hofstede, Anna Sperotto, Ramin Sadre, et al. SSHCure: A Flow-Based SSH Intrusion Detection System. 6th International Conference on Autonomous Infrastructure (AIMS), Jun 2012, Luxembourg, Luxembourg. pp.86-97, ⟨10.1007/978-3-642-30633-4_11⟩. ⟨hal-01529782⟩


