SSH Compromise Detection using NetFlow/IPFIX

Cited by: 36
Authors
Hofstede, Rick [1]
Hendriks, Luuk [1]
Sperotto, Anna [1]
Pras, Aiko [1]
Affiliations
[1] Univ Twente, CTIT, NL-7500 AE Enschede, Netherlands
Keywords
Network measurement; Intrusion detection; SSH; NetFlow; IPFIX
DOI
10.1145/2677046.2677050
CLC number
TP [Automation technology, computer technology]
Discipline code
0812
Abstract
Flow-based approaches for SSH intrusion detection have been developed to overcome the scalability issues of host-based alternatives. Although the detection of many SSH attacks in a flow-based fashion is fairly straightforward, typically no insight is provided into whether an attack was successful. We address this shortcoming by presenting an algorithm for the flow-based detection of compromises, i.e., hosts that have been compromised during an attack. Our algorithm has been implemented as part of our open-source IDS SSHCure and validated using almost 100 servers, workstations and honeypots, achieving an accuracy close to 100%.
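The abstract states the goal (telling a successful login apart from the failed attempts around it using only flow records) but not the mechanics. The following is an added example, not code from SSHCure and not the paper's algorithm: it shows one way a flow-based compromise heuristic can be run over NetFlow/IPFIX-style records. It assumes that each failed password attempt against a server produces a small flow of near-identical size for a given client/server pair, and that a successful login followed by an interactive session or file transfer produces a markedly larger flow once that repetitive phase is established. The `Flow` record layout, all thresholds, and the sample flows are constructed for this example.

```python
"""Flow-based SSH brute-force / compromise heuristic over NetFlow-style records.

Added example; not SSHCure's code and not the paper's algorithm. The record
layout, the thresholds and the 'repetitive phase followed by a deviating flow'
rule are assumptions made for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Flow:
    start: float     # flow start time, seconds
    src: str         # client (potential attacker) address
    dst: str         # SSH server address
    dport: int       # destination port
    packets: int     # packets in the flow
    octets: int      # bytes in the flow
    duration: float  # seconds


SSH_PORT = 22
MIN_BRUTE_FORCE_FLOWS = 20  # assumption: at least this many near-identical login flows
PPF_TOLERANCE = 2           # assumption: login-attempt flows differ by <= 2 packets
DEVIATION_FACTOR = 3.0      # assumption: a later flow > 3x the typical size is a session


def group_pairs(flows):
    """Bucket SSH flows by (client, server), each bucket sorted by start time."""
    pairs = defaultdict(list)
    for f in flows:
        if f.dport == SSH_PORT:
            pairs[(f.src, f.dst)].append(f)
    for bucket in pairs.values():
        bucket.sort(key=lambda f: f.start)
    return pairs


def classify_pair(flows):
    """Return 'benign', 'brute-force' or 'compromise' for one client/server pair.

    Failed password attempts yield flows of almost the same size (same handshake,
    same rejected authentication). A successful login that is followed by a
    session shows up as a much larger flow starting after that repetitive phase.
    """
    typical = median([f.packets for f in flows])
    similar = [f for f in flows if abs(f.packets - typical) <= PPF_TOLERANCE]
    if len(similar) < MIN_BRUTE_FORCE_FLOWS:
        return "benign"
    # Only flows that start once the repetitive phase is established count as
    # a compromise indicator; an earlier large flow is just ordinary use.
    phase_established = similar[MIN_BRUTE_FORCE_FLOWS - 1].start
    for f in flows:
        if f.start >= phase_established and f.packets > DEVIATION_FACTOR * typical:
            return "compromise"
    return "brute-force"


def detect(flows):
    """Map every (client, server) SSH pair to its verdict."""
    return {pair: classify_pair(bucket) for pair, bucket in group_pairs(flows).items()}


def _login_attempts(src, dst, t0, count):
    """Constructed input: one small flow per failed attempt, 11-13 packets each."""
    return [Flow(t0 + i, src, dst, SSH_PORT, 12 + (i % 3) - 1, 2000 + 100 * (i % 3), 1.5)
            for i in range(count)]


# Constructed sample: one attacker that succeeds, one that only fails,
# an administrator session, and a non-SSH flow that must be ignored.
SAMPLE_FLOWS = (
    _login_attempts("203.0.113.7", "198.51.100.10", 1000, 25)
    + [Flow(1030, "203.0.113.7", "198.51.100.10", SSH_PORT, 180, 38000, 62.0)]
    + _login_attempts("203.0.113.8", "198.51.100.10", 2000, 25)
    + [Flow(3000, "192.0.2.5", "198.51.100.10", SSH_PORT, 400, 90000, 600.0)]
    + [Flow(3100, "192.0.2.9", "198.51.100.10", 443, 50, 12000, 3.0)]
)

if __name__ == "__main__":
    for pair, verdict in sorted(detect(SAMPLE_FLOWS).items()):
        print(f"{pair[0]:>13} -> {pair[1]}: {verdict}")
```

Before trusting a heuristic like this on real exports, check it against the servers' own authentication logs on a few hosts, as the abstract's validation did: sampled NetFlow, NAT in front of the clients, and active-timeout splitting of a long session into several records all shift the packet counts the thresholds rely on. Note also the blind spots: an attacker whose tool keeps guessing after the first success, or who returns later from a different address, produces no deviating flow for the pair and is reported as brute-force only.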
Pages: 21-26
Page count: 6
Related papers (50 in total)
  • [1] Ballani, Hitesh. Public Review for SSH Compromise Detection using NetFlow/IPFIX. ACM SIGCOMM Computer Communication Review, 2014, 44(5): 20.
  • [2] Pras, Aiko; Sadre, Ramin; Sperotto, Anna; Fioreze, Tiago; Hausheer, David; Schönwälder, Jürgen. Using NetFlow/IPFIX for Network Management. Journal of Network and Systems Management, 2009, 17(4): 482-487.
  • [3] van der Toorn, Olivier; Hofstede, Rick; Jonker, Mattijs; Sperotto, Anna. A First Look at HTTP(S) Intrusion Detection using NetFlow/IPFIX. Proceedings of the 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), 2015: 862-865.
  • [4] Hofstede, Rick; Bartos, Vaclav; Sperotto, Anna; Pras, Aiko. Towards Real-Time Intrusion Detection for NetFlow and IPFIX. 2013 9th International Conference on Network and Service Management (CNSM), 2013: 227-234.
  • [5] Najafabadi, Maryam M.; Khoshgoftaar, Taghi M.; Calvert, Chad; Kemp, Clifford. Detection of SSH Brute Force Attacks Using Aggregated Netflow Data. 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA), 2015: 283-288.
  • [6] Drago, Idilio; Hofstede, Rick; Sadre, Ramin; Sperotto, Anna; Pras, Aiko. Measuring Cloud Service Health Using NetFlow/IPFIX: The WikiLeaks Case. Journal of Network and Systems Management, 2015, 23(1): 58-88.
  • [7] Pajin, Dusan; Vuletic, Pavle V. OF2NF: Flow monitoring in OpenFlow environment using NetFlow/IPFIX. 2015 1st IEEE Conference on Network Softwarization (NetSoft), 2015.
  • [8] Zayuelas i Munoz, Jordi; Suarez-Varela, Jose; Barlet-Ros, Pere. Detecting cryptocurrency miners with NetFlow/IPFIX network measurements. 2019 IEEE International Symposium on Measurements & Networking (M&N 2019), 2019.