EEMCS EPrints Service
Sperotto, A. and Sadre, R. and de Boer, P.T. and Pras, A.
(2009)
Hidden Markov Model modeling of SSH brute-force attacks.
In: Integrated Management of Systems, Services, Processes and People in IT, Proceedings of the 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management, DSOM 2009, October 27-28, 2009, Venice, Italy.
pp. 164-176.
Lecture Notes in Computer Science 5841/2009.
Springer Verlag.
ISSN 0302-9743
ISBN 978-3-642-04988-0
Official URL: http://dx.doi.org/10.1007/978-3-642-04989-7_13

Abstract

Nowadays, network load is constantly increasing and high-speed infrastructures (1-10Gbps) are becoming increasingly common. In this context, flow-based intrusion detection has recently become a promising security mechanism. However, since flows do not provide any information on the content of a communication, it also became more difficult to establish a ground truth for flow-based techniques benchmarking. A possible approach to overcome this problem is the usage of synthetic traffic traces where the generation of malicious traffic is driven by models. In this paper, we propose a flow time series model of SSH brute-force attacks based on Hidden Markov Models. Our results show that the model successfully emulates an attacker behavior, generating meaningful
