Unveiling SSHCure 3.0: Flow-based SSH Compromise Detection

R.J. Hofstede, Luuk Hendriks

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review


    Abstract

    Network-based intrusion detection systems have always been designed to report on the presence of attacks. Due to the sheer and ever-increasing number of attacks on the Internet, Computer Security Incident Response Teams (CSIRTs) are overwhelmed with attack reports. For that reason, there is a need for the detection of compromises rather than compromise attempts, since those incidents are the ones that have to be taken care of. In previous works, we have demonstrated and validated our state-of-the-art compromise detection algorithm that works on exported flow data, i.e., data exported using NetFlow or IPFIX. The detection algorithm has been implemented as part of our open-source intrusion detection system SSHCure. In this demonstration, we showcase the latest release of SSHCure, which includes many new features, such as an overhauled user interface design based on user surveys, integration with incident reporting tools, blacklist integration and IPv6 support. Attendees will be able to explore SSHCure in a semi-live fashion by means of practical examples of situations that CSIRT members encounter in their daily activities.
    Original language: English
    Title of host publication: Proceedings of the International Conference on Networked Systems, NetSys 2015
    Place of Publication: Cottbus, Germany
    Publisher: Brandenburg University of Technology Cottbus-Senftenberg
    Pages: -
    Number of pages: 2
    ISBN (Print): not assigned
    Publication status: Published - Mar 2015
    Event: 2015 International Conference and Workshops on Networked Systems, NetSys 2015 - Brandenburgische Technische Universität Cottbus-Senftenberg, Cottbus, Germany
    Duration: 9 Mar 2015 to 12 Mar 2015

    Publication series

    Name:
    Publisher: Brandenburg University of Technology Cottbus-Senftenberg

    Conference

    Conference: 2015 International Conference and Workshops on Networked Systems, NetSys 2015
    Abbreviated title: NetSys
    Country/Territory: Germany
    City: Cottbus
    Period: 9/03/15 to 12/03/15

    Keywords

    • EWI-26134
    • METIS-312666
    • IR-97700
