Hidden Markov Model modeling of SSH brute-force attacks
Sperotto, Anna and Sadre, Ramin and Boer, Pieter-Tjerk de and Pras, Aiko (2009) Hidden Markov Model modeling of SSH brute-force attacks. In: 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management, DSOM 2009, October 27-28, 2009, Venice, Italy (pp. 164-176).
|Abstract:||Nowadays, network load is constantly increasing and high-speed infrastructures (1-10Gbps) are becoming increasingly common. In this context, flow-based intrusion detection has recently become a promising security mechanism. However, since flows do not provide any information on the content of a communication, it also became more difficult to establish a ground truth for flow-based techniques benchmarking. A possible approach to overcome this problem is the usage of synthetic traffic traces where the generation of malicious traffic is driven by models. In this paper, we propose a flow time series model of SSH brute-force attacks based on Hidden Markov Models. Our results show that the model successfully emulates an attacker behavior, generating meaningful flow time series.|
|Item Type:||Conference or Workshop Item|
|Copyright:||© 2009 Springer|
Electrical Engineering, Mathematics and Computer Science (EEMCS)
|Link to this item:||http://purl.utwente.nl/publications/68309|