SSH Compromise Detection using NetFlow/IPFIX

@article{Hofstede2014SSHCD,
  title={SSH Compromise Detection using NetFlow/IPFIX},
  author={Rick Hofstede and Luuk Hendriks and Anna Sperotto and Aiko Pras},
  journal={Computer Communication Review},
  year={2014},
  volume={44},
  pages={20--26}
}
Flow-based approaches for SSH intrusion detection have been developed to overcome the scalability issues of host-based alternatives. Although the detection of many SSH attacks in a flow-based fashion is fairly straightforward, typically no insight is provided into whether an attack was successful. We address this shortcoming by presenting a detection algorithm for the flow-based detection of compromises, i.e., hosts that have been compromised during an attack. Our algorithm has been implemented…

This paper has 27 citations.


Citations

Publications citing this paper.

Network Flow Query Language—Design, Implementation, Performance, and Applications

IEEE Transactions on Network and Service Management • 2017

Clustering of SSH brute-force attack logs using k-clique percolation

2016 International Conference on Information & Communication Technology and Systems (ICTS) • 2016

Exploring a service-based normal behaviour profiling system for botnet detection

2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM) • 2017

Feature selection for flow-based intrusion detection using Rough Set Theory

2017 IEEE 14th International Conference on Networking, Sensing and Control (ICNSC) • 2017

State estimation for a TCP/IP network using terminal sliding-mode methodology

IECON 2017 - 43rd Annual Conference of the IEEE Industrial Electronics Society • 2017
