Abstract
Nowadays, network load is constantly increasing and high-speed infrastructures (1-10 Gbps) are becoming increasingly common. In this context, flow-based intrusion detection has recently become a promising security mechanism. However, since flows do not provide any information on the content of a communication, it has also become more difficult to establish a ground truth for benchmarking flow-based techniques. A possible approach to overcome this problem is the usage of synthetic traffic traces where the generation of malicious traffic is driven by models. In this paper, we propose a flow time series model of SSH brute-force attacks based on Hidden Markov Models. Our results show that the model successfully emulates an attacker's behavior, generating meaningful flow time series.
Original language | Undefined |
---|---|
Title of host publication | Integrated Management of Systems, Services, Processes and People in IT, Proceedings of the 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management, DSOM 2009 |
Place of Publication | Berlin |
Publisher | Springer |
Pages | 164-176 |
Number of pages | 13 |
ISBN (Print) | 978-3-642-04988-0 |
Publication status | Published - 21 Oct 2009 |
Event | 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management, DSOM 2009: Integrated Management of Systems, Services, Processes and People in IT - Venice, Italy; Duration: 27 Oct 2009 → 28 Oct 2009; Conference number: 20 |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Publisher | Springer Verlag |
Volume | 5841/2009 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management, DSOM 2009 |
---|---|
Abbreviated title | DSOM |
Country/Territory | Italy |
City | Venice |
Period | 27/10/09 → 28/10/09 |
Keywords
- METIS-264131
- EWI-16470
- IR-68309