SSHCure: a flow-based SSH intrusion detection system
Hellemons, Laurens and Hendriks, Luuk and Hofstede, Rick and Sperotto, Anna and Sadre, Ramin and Pras, Aiko (2012) SSHCure: a flow-based SSH intrusion detection system. In: 6th International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2012, 4-8 June 2012, Luxembourg, Luxembourg.
| Abstract: | SSH attacks are a main area of concern for network managers, due to the danger associated with a successful compromise. Detecting these attacks, and possibly compromised victims, is therefore a crucial activity. Most existing network intrusion detection systems designed for this purpose rely on the inspection of individual packets and, hence, do not scale to today's high-speed networks. To overcome this issue, this paper proposes SSHCure, a flow-based intrusion detection system for SSH attacks. It employs an efficient algorithm for the real-time detection of ongoing attacks and allows identification of compromised attack targets. A prototype implementation of the algorithm, including a graphical user interface, is implemented as a plugin for the popular NfSen monitoring tool. Finally, the detection performance of the system is validated with empirical traffic data. |
| Item Type: | Conference or Workshop Item |
| Copyright: | © 2012 Springer |
| Faculty: | Electrical Engineering, Mathematics and Computer Science (EEMCS) |
| Link to this item: | http://purl.utwente.nl/publications/80710 |
| Official URL: | http://dx.doi.org/10.1007/978-3-642-30633-4_11 |