SSHCure: A Flow-Based SSH Intrusion Detection System

Laurens Hellemons, Luuk Hendriks, R.J. Hofstede, Anna Sperotto, R. Sadre, Aiko Pras

    Research output: Chapter in Book/Report/Conference proceeding > Conference contribution > Academic > peer-review

    46 Citations (Scopus)
    107 Downloads (Pure)

    Abstract

    SSH attacks are a main area of concern for network managers, due to the danger associated with a successful compromise. Detecting these attacks, and possibly compromised victims, is therefore a crucial activity. Most existing network intrusion detection systems designed for this purpose rely on the inspection of individual packets and, hence, do not scale to today's high-speed networks. To overcome this issue, this paper proposes SSHCure, a flow-based intrusion detection system for SSH attacks. It employs an efficient algorithm for the real-time detection of ongoing attacks and allows identification of compromised attack targets. A prototype of the algorithm, including a graphical user interface, is implemented as a plugin for the popular NfSen monitoring tool. Finally, the detection performance of the system is validated with empirical traffic data.
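The abstract states the core idea (detect SSH attacks and their compromised targets from flow records alone, without looking at packets) but not how such a detector reasons. The following is an added example, not SSHCure's code, of what flow-based SSH attack detection looks like in practice. It assumes a three-phase attack model (scan, brute force, compromise), a NetFlow-style record layout (`Flow`), and threshold values that are chosen for illustration; the paper defines its own algorithm and parameters. The flow records in `sample_flows()` are constructed.

```python
"""Flow-based detection of an SSH attack over NetFlow-style records.

Added example: this is not SSHCure's code. The three-phase model (scan,
brute force, compromise), the Flow record layout and every threshold are
assumptions chosen for illustration; the paper defines its own algorithm
and parameters.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record (assumed field set)."""
    start: int     # start time, seconds since an arbitrary epoch
    src: str
    dst: str
    dport: int
    packets: int
    octets: int


# Detection thresholds (assumed values, not SSHCure's).
SCAN_MIN_TARGETS = 20        # distinct hosts probed with tiny flows
SCAN_MAX_PACKETS = 2         # a probe that never completes a handshake
BRUTE_MIN_FLOWS = 10         # repeated short logins against one host
BRUTE_PKT_RANGE = (8, 14)    # packets per flow of one failed login attempt
COMPROMISE_MIN_PACKETS = 30  # a later flow this long suggests a session


def detect(flows):
    """Group SSH flows by source and return the attack phases seen per source.

    Only flow metadata is used: no payload is available, so the signal is
    the number of targets, the number of flows per target and the packet
    count of each flow.
    """
    by_src = defaultdict(list)
    for f in flows:
        if f.dport == 22:
            by_src[f.src].append(f)

    report = {}
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.start)

        # Scan: many distinct destinations, each touched by a tiny flow.
        scan_targets = {f.dst for f in fl if f.packets <= SCAN_MAX_PACKETS}

        # Brute force: many flows of near-identical small size to one host.
        attempts = defaultdict(list)
        for f in fl:
            if BRUTE_PKT_RANGE[0] <= f.packets <= BRUTE_PKT_RANGE[1]:
                attempts[f.dst].append(f)
        brute_targets = {d for d, l in attempts.items() if len(l) >= BRUTE_MIN_FLOWS}

        # Compromise: after the last attempt against a brute-forced host, a
        # flow much longer than an attempt (an interactive session).
        compromised = set()
        for d in brute_targets:
            last_attempt = max(f.start for f in attempts[d])
            if any(f.dst == d and f.start > last_attempt
                   and f.packets >= COMPROMISE_MIN_PACKETS for f in fl):
                compromised.add(d)

        phases = []
        if len(scan_targets) >= SCAN_MIN_TARGETS:
            phases.append("scan")
        if brute_targets:
            phases.append("brute-force")
        if compromised:
            phases.append("compromise")
        if phases:
            report[src] = {
                "phases": phases,
                "scan_targets": len(scan_targets),
                "brute_targets": sorted(brute_targets),
                "compromised": sorted(compromised),
            }
    return report


def sample_flows():
    """Constructed flow records: one attacker, one benign admin session."""
    attacker, t, flows = "203.0.113.7", 0, []
    for i in range(1, 26):                      # scan 25 hosts, 1 packet each
        flows.append(Flow(t, attacker, f"192.0.2.{i}", 22, 1, 60))
        t += 1
    for _ in range(15):                         # 15 failed logins on one host
        flows.append(Flow(t, attacker, "192.0.2.10", 22, 11, 1800))
        t += 2
    flows.append(Flow(t, attacker, "192.0.2.10", 22, 80, 12000))  # session
    flows.append(Flow(5, "198.51.100.5", "192.0.2.20", 22, 400, 60000))
    return flows


if __name__ == "__main__":
    for src, r in detect(sample_flows()).items():
        print(src, r)
```

Running the block reports the attacker with all three phases and names 192.0.2.10 as the compromised host, while the benign 400-packet admin session matches no phase and is not reported. Two caveats a practitioner should keep in mind with any packets-per-flow heuristic: a successful login followed by an immediate `exit` is about as short as a failed attempt and will be missed, and a long session split by the exporter's active timeout appears as several medium flows rather than one long one. The packet count of a single failed login also depends on the SSH implementation and the algorithms negotiated, so thresholds like `BRUTE_PKT_RANGE` must be calibrated against the traffic being monitored.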
    Original language: Undefined
    Title of host publication: Proceedings of the 6th International Conference on Autonomous Infrastructure, Management, and Security (AIMS 2012)
    Place of publication: Berlin
    Publisher: Springer
    Pages: 86-97
    Number of pages: 12
    ISBN (Print): 978-3-642-30632-7
    DOIs
    Publication status: Published - Jun 2012
    Event: 6th International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2012 - Luxembourg, Luxembourg
    Duration: 4 Jun 2012 - 8 Jun 2012

    Publication series

    Name: Lecture Notes in Computer Science
    Publisher: Springer Verlag
    Volume: 7279
    ISSN (Print): 0302-9743
    ISSN (Electronic): 1611-3349

    Conference

    Conference: 6th International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2012
    Period: 4/06/12 - 8/06/12
    Other: 4-8 June 2012

    Keywords

    • METIS-287906
    • EWI-21999
    • EC Grant Agreement nr.: FP7/257513
    • IR-80710