Hidden Markov Model Modeling of SSH Brute-Force Attacks
Open Access
- 1 January 2009
- book chapter
- conference paper
- Published by Springer Science and Business Media LLC in Lecture Notes in Computer Science
Abstract
Nowadays, network load is constantly increasing and high-speed infrastructures (1-10 Gbps) are becoming increasingly common. In this context, flow-based intrusion detection has recently become a promising security mechanism. However, since flows do not provide any information on the content of a communication, it also became more difficult to establish a ground truth for flow-based techniques benchmarking. A possible approach to overcome this problem is the usage of synthetic traffic traces where the generation of malicious traffic is driven by models. In this paper, we propose a flow time series model of SSH brute-force attacks based on Hidden Markov Models. Our results show that the model successfully emulates an attacker behavior, generating meaningful flow time series.
This publication has 17 references indexed in Scilit:
- A Labeled Data Set for Flow-Based Intrusion Detection. Lecture Notes in Computer Science, 2009
- Internet traffic modeling by means of Hidden Markov Models. Computer Networks, 2008
- Anomaly Characterization in Flow-Based Traffic Time Series. Lecture Notes in Computer Science, 2008
- Markovian Models for Sequential Data. Published by Springer Science and Business Media LLC, 2008
- Behavioral Distance Measurement Using Hidden Markov Models. Lecture Notes in Computer Science, 2006
- HMM profiles for network traffic classification. Published by Association for Computing Machinery (ACM), 2004
- A framework for malicious workload generation. Published by Association for Computing Machinery (ACM), 2004
- Simulated annealing for maximum a posteriori parameter estimation of hidden Markov models. IEEE Transactions on Information Theory, 2000
- A tutorial on hidden Markov models and selected applications in speech recognition. Proceedings of the IEEE, 1989
- A Maximization Technique Occurring in the Statistical Analysis of Probabilistic Functions of Markov Chains. The Annals of Mathematical Statistics, 1970