Hidden Markov Model modeling of SSH brute-force attacks


Sperotto, Anna and Sadre, Ramin and Boer, Pieter-Tjerk de and Pras, Aiko (2009) Hidden Markov Model modeling of SSH brute-force attacks. In: 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management, DSOM 2009, October 27-28, 2009, Venice, Italy (pp. 164-176).

open access
Abstract: Nowadays, network load is constantly increasing and high-speed infrastructures (1-10Gbps) are becoming increasingly common. In this context, flow-based intrusion detection has recently become a promising security mechanism. However, since flows do not provide any information on the content of a communication, it also became more difficult to establish a ground truth for flow-based techniques benchmarking. A possible approach to overcome this problem is the usage of synthetic traffic traces where the generation of malicious traffic is driven by models. In this paper, we propose a flow time series model of SSH brute-force attacks based on Hidden Markov Models. Our results show that the model successfully emulates an attacker behavior, generating meaningful flow time series.
Item Type: Conference or Workshop Item
Copyright: © 2009 Springer
Electrical Engineering, Mathematics and Computer Science (EEMCS)
Research Group:
Link to this item: http://purl.utwente.nl/publications/68309
Official URL: https://doi.org/10.1007/978-3-642-04989-7_13