Hidden Markov Model Modeling of SSH Brute-Force Attacks

13 years 10 months ago

Download wwwhome.cs.utwente.nl

Abstract. Nowadays, network load is constantly increasing and high-speed infrastructures (1-10Gbps) are becoming increasingly common. In this context, ﬂow-based intrusion detection has recently become a promising security mechanism. However, since ﬂows do not provide any information on the content of a communication, it also became more difﬁcult to establish a ground truth for ﬂowbased techniques benchmarking. A possible approach to overcome this problem is the usage of synthetic trafﬁc traces where the generation of malicious trafﬁc is driven by models. In this paper, we propose a ﬂow time series model of SSH brute-force attacks based on Hidden Markov Models. Our results show that the model successfully emulates an attacker behavior, generating meaningful ﬂow time series.

Anna Sperotto, Ramin Sadre, Pieter-Tjerk de Boer,

Real-time Traffic

Computer Networks | DSOM 2009 | Promising Security Mechanism | ﬂow Time Series | ﬂow-based Intrusion Detection |

claim paper

» System approach to intrusion detection using hidden Markov model

» Further Hidden Markov Model Cryptanalysis

» Investigating hidden Markov models capabilities in anomaly detection

» Keystroke statistical learning model for web authentication

» HMMWeb A Framework for the Detection of Attacks Against Web Applications

» Acoustic SideChannel Attacks on Printers

» On the Use of Word Networks to Mimicry Attack Detection

» On the Role of Information Compaction to Intrusion Detection

Post Info
More Details (n/a)

Added	26 May 2010
Updated	26 May 2010
Type	Conference
Year	2009
Where	DSOM
Authors	Anna Sperotto, Ramin Sadre, Pieter-Tjerk de Boer, Aiko Pras

Comments (0)

Sciweavers

Hidden Markov Model Modeling of SSH Brute-Force Attacks

Computer Networks | DSOM 2009 | Promising Security Mechanism | ﬂow Time Series | ﬂow-based Intrusion Detection |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers