Authors
Anna Sperotto, Ramin Sadre, Pieter-Tjerk de Boer, Aiko Pras
Publication date
2009
Conference
Integrated Management of Systems, Services, Processes and People in IT: 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management, DSOM 2009, Venice, Italy, October 27-28, 2009. Proceedings 20
Pages
164-176
Publisher
Springer Berlin Heidelberg
Description
Nowadays, network load is constantly increasing and high-speed infrastructures (1-10Gbps) are becoming increasingly common. In this context, flow-based intrusion detection has recently become a promising security mechanism. However, since flows do not provide any information on the content of a communication, it also became more difficult to establish a ground truth for flow-based techniques benchmarking. A possible approach to overcome this problem is the usage of synthetic traffic traces where the generation of malicious traffic is driven by models. In this paper, we propose a flow time series model of SSH brute-force attacks based on Hidden Markov Models. Our results show that the model successfully emulates an attacker behavior, generating meaningful flow time series.
Scholar articles
A Sperotto, R Sadre, PT de Boer, A Pras - … Management of Systems, Services, Processes and …, 2009