SSH Compromise Detection using NetFlow/IPFIX

Cited by: 36

Authors
Hofstede, Rick [1 ]
Hendriks, Luuk [1 ]
Sperotto, Anna [1 ]
Pras, Aiko [1 ]
Affiliation
[1] Univ Twente, CTIT, NL-7500 AE Enschede, Netherlands
Keywords
Network measurement; Intrusion detection; SSH; NetFlow; IPFIX
DOI
10.1145/2677046.2677050
CLC classification number
TP [Automation technology, computer technology]
Subject classification number
0812
Abstract
Flow-based approaches for SSH intrusion detection have been developed to overcome the scalability issues of host-based alternatives. Although the detection of many SSH attacks in a flow-based fashion is fairly straightforward, typically no insight is provided into whether an attack was successful. We address this shortcoming by presenting an algorithm for the flow-based detection of compromises, i.e., hosts that have been compromised during an attack. Our algorithm has been implemented as part of our open-source IDS SSHCure and validated using almost 100 servers, workstations and honeypots, featuring an accuracy close to 100%.
Pages: 21 / 26
Page count: 6