DSOM
2009
Springer

Hidden Markov Model Modeling of SSH Brute-Force Attacks

Abstract. Nowadays, network load is constantly increasing and high-speed infrastructures (1-10Gbps) are becoming increasingly common. In this context, flow-based intrusion detection has recently become a promising security mechanism. However, since flows do not provide any information on the content of a communication, it also became more difficult to establish a ground truth for flow-based techniques benchmarking. A possible approach to overcome this problem is the usage of synthetic traffic traces where the generation of malicious traffic is driven by models. In this paper, we propose a flow time series model of SSH brute-force attacks based on Hidden Markov Models. Our results show that the model successfully emulates an attacker behavior, generating meaningful flow time series.
Added 26 May 2010
Updated 26 May 2010
Type Conference
Year 2009
Where DSOM
Authors Anna Sperotto, Ramin Sadre, Pieter-Tjerk de Boer, Aiko Pras