SSH Compromise Detection using NetFlow/IPFIX

Cited by: 36

Authors
Hofstede, Rick [1 ]
Hendriks, Luuk [1 ]
Sperotto, Anna [1 ]
Pras, Aiko [1 ]
Affiliations
[1] Univ Twente, CTIT, NL-7500 AE Enschede, Netherlands
Keywords
Network measurement; Intrusion detection; SSH; NetFlow; IPFIX;
DOI
10.1145/2677046.2677050
CLC number
TP [Automation technology, computer technology];
Subject classification code
0812;
Abstract
Flow-based approaches for SSH intrusion detection have been developed to overcome the scalability issues of host-based alternatives. Although the detection of many SSH attacks in a flow-based fashion is fairly straightforward, no insight is typically provided into whether an attack was successful. We address this shortcoming by presenting a detection algorithm for the flow-based detection of compromises, i.e., hosts that have been compromised during an attack. Our algorithm has been implemented as part of our open-source IDS SSHCure and validated using almost 100 servers, workstations and honeypots, featuring an accuracy close to 100%.
Pages: 21 / 26
Page count: 6