{"id":"https://openalex.org/W2142839897","doi":"https://doi.org/10.1007/978-3-642-30633-4_11","title":"SSHCure: A Flow-Based SSH Intrusion Detection System","display_name":"SSHCure: A Flow-Based SSH Intrusion Detection System","publication_year":2012,"publication_date":"2012-01-01","ids":{"openalex":"https://openalex.org/W2142839897","doi":"https://doi.org/10.1007/978-3-642-30633-4_11","mag":"2142839897"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-642-30633-4_11","is_oa":false,"landing_page_url":"https://doi.org/10.1007/978-3-642-30633-4_11","pdf_url":null,"source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://ris.utwente.nl/ws/files/5342707/aims2012_sshcure.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5017434969","display_name":"Laurens Hellemons","orcid":null},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Laurens Hellemons","raw_affiliation_strings":["Centre for Telematics and Information Technology (CTIT) Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Centre for Telematics and Information Technology (CTIT) Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068144761","display_name":"Luuk Hendriks","orcid":null},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Luuk Hendriks","raw_affiliation_strings":["Centre for Telematics and Information Technology (CTIT) Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Centre for Telematics and Information Technology (CTIT) Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087439261","display_name":"Rick Hofstede","orcid":null},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Rick Hofstede","raw_affiliation_strings":["Centre for Telematics and Information Technology (CTIT) Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Centre for Telematics and Information Technology (CTIT) Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025537461","display_name":"Anna Sperotto","orcid":"https://orcid.org/0000-0002-9481-5846"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Anna Sperotto","raw_affiliation_strings":["Centre for Telematics and Information Technology (CTIT) Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Centre for Telematics and Information Technology (CTIT) Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072411493","display_name":"Ramin Sadre","orcid":"https://orcid.org/0000-0001-7362-359X"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Ramin Sadre","raw_affiliation_strings":["Centre for Telematics and Information Technology (CTIT) Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands","Faculty of Electrical Engineering, Mathematics, and Computer Science, University of Twente, P.O. Box 217, 7500 AE, Enschede, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Centre for Telematics and Information Technology (CTIT) Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands","institution_ids":["https://openalex.org/I94624287"]},{"raw_affiliation_string":"Faculty of Electrical Engineering, Mathematics, and Computer Science, University of Twente, P.O. Box 217, 7500 AE, Enschede, The Netherlands","institution_ids":["https://openalex.org/I94624287"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5067140003","display_name":"Aiko Pras","orcid":"https://orcid.org/0000-0002-5091-8608"},"institutions":[{"id":"https://openalex.org/I94624287","display_name":"University of Twente","ror":"https://ror.org/006hf6230","country_code":"NL","type":"education","lineage":["https://openalex.org/I94624287"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Aiko Pras","raw_affiliation_strings":["Centre for Telematics and Information Technology (CTIT) Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands"],"affiliations":[{"raw_affiliation_string":"Centre for Telematics and Information Technology (CTIT) Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS), Design and Analysis of Communication Systems (DACS), University of Twente, Enschede, The Netherlands","institution_ids":["https://openalex.org/I94624287"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5017434969"],"corresponding_institution_ids":["https://openalex.org/I94624287"],"apc_list":{"value":5000,"currency":"EUR","value_usd":5392},"apc_paid":null,"fwci":13.248,"has_fulltext":true,"cited_by_count":69,"citation_normalized_percentile":{"value":0.99297117,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"86","last_page":"97"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8676359057426453},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.8301019072532654},{"id":"https://openalex.org/keywords/plug-in","display_name":"Plug-in","score":0.6161054372787476},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.6152431964874268},{"id":"https://openalex.org/keywords/host-based-intrusion-detection-system","display_name":"Host-based intrusion detection system","score":0.5274013876914978},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.5051453709602356},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.44581013917922974},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.43795400857925415},{"id":"https://openalex.org/keywords/anomaly-based-intrusion-detection-system","display_name":"Anomaly-based intrusion detection system","score":0.436890184879303},{"id":"https://openalex.org/keywords/intrusion-prevention-system","display_name":"Intrusion prevention system","score":0.33949393033981323},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.33013683557510376},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2403397262096405}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8676359057426453},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.8301019072532654},{"id":"https://openalex.org/C4924752","wikidata":"https://www.wikidata.org/wiki/Q184148","display_name":"Plug-in","level":2,"score":0.6161054372787476},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.6152431964874268},{"id":"https://openalex.org/C90936777","wikidata":"https://www.wikidata.org/wiki/Q917189","display_name":"Host-based intrusion detection system","level":4,"score":0.5274013876914978},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.5051453709602356},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.44581013917922974},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.43795400857925415},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.436890184879303},{"id":"https://openalex.org/C27061796","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion prevention system","level":3,"score":0.33949393033981323},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.33013683557510376},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2403397262096405},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0}],"mesh":[],"locations_count":5,"locations":[{"id":"doi:10.1007/978-3-642-30633-4_11","is_oa":false,"landing_page_url":"https://doi.org/10.1007/978-3-642-30633-4_11","pdf_url":null,"source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},{"id":"pmh:oai:ris.utwente.nl:publications/677ab834-d5ce-403e-8a1a-df72d2babe02","is_oa":true,"landing_page_url":"https://research.utwente.nl/en/publications/677ab834-d5ce-403e-8a1a-df72d2babe02","pdf_url":"https://ris.utwente.nl/ws/files/5342707/aims2012_sshcure.pdf","source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Hellemons, L, Hendriks, L, Hofstede, R J, Sperotto, A, Sadre, R & Pras, A 2012, SSHCure: A Flow-Based SSH Intrusion Detection System. in Proceedings of the 6th International Conference on Autonomous Infrastructure, Management, and Security (AIMS 2012). Lecture Notes in Computer Science, vol. 7279, Springer, Berlin, pp. 86-97. https://doi.org/10.1007/978-3-642-30633-4_11","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.643.997","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.643.997","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://wwwhome.cs.utwente.nl/~sperottoa/papers/2012/aims2012_sshcure.pdf","raw_type":"text"},{"id":"pmh:oai:HAL:hal-01529782v1","is_oa":true,"landing_page_url":"https://inria.hal.science/hal-01529782","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"6th International Conference on Autonomous Infrastructure (AIMS), Jun 2012, Luxembourg, Luxembourg. pp.86-97, &#x27E8;10.1007/978-3-642-30633-4_11&#x27E9;","raw_type":"Conference papers"},{"id":"pmh:oai:ris.utwente.nl:publications/677ab834-d5ce-403e-8a1a-df72d2babe02","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""}],"best_oa_location":{"id":"pmh:oai:ris.utwente.nl:publications/677ab834-d5ce-403e-8a1a-df72d2babe02","is_oa":true,"landing_page_url":"https://research.utwente.nl/en/publications/677ab834-d5ce-403e-8a1a-df72d2babe02","pdf_url":"https://ris.utwente.nl/ws/files/5342707/aims2012_sshcure.pdf","source":{"id":"https://openalex.org/S4406922991","display_name":"University of Twente Research Information","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Hellemons, L, Hendriks, L, Hofstede, R J, Sperotto, A, Sadre, R & Pras, A 2012, SSHCure: A Flow-Based SSH Intrusion Detection System. in Proceedings of the 6th International Conference on Autonomous Infrastructure, Management, and Security (AIMS 2012). Lecture Notes in Computer Science, vol. 7279, Springer, Berlin, pp. 86-97. https://doi.org/10.1007/978-3-642-30633-4_11","raw_type":"info:eu-repo/semantics/publishedVersion"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.7699999809265137,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2142839897.pdf","grobid_xml":"https://content.openalex.org/works/W2142839897.grobid-xml"},"referenced_works_count":12,"referenced_works":["https://openalex.org/W40890042","https://openalex.org/W1510247148","https://openalex.org/W1567558984","https://openalex.org/W1580437619","https://openalex.org/W2047271725","https://openalex.org/W2078191206","https://openalex.org/W2110385611","https://openalex.org/W2122803863","https://openalex.org/W2131605042","https://openalex.org/W2168917894","https://openalex.org/W2171331105","https://openalex.org/W2260798440"],"related_works":["https://openalex.org/W3148526535","https://openalex.org/W2374614522","https://openalex.org/W2357468538","https://openalex.org/W4322721010","https://openalex.org/W2288321734","https://openalex.org/W1992118813","https://openalex.org/W2350900992","https://openalex.org/W2359460876","https://openalex.org/W2061466315","https://openalex.org/W4362733457"],"abstract_inverted_index":{"SSH":[0,72],"attacks":[1,85],"are":[2],"a":[3,17,29,66,100,107],"main":[4],"area":[5],"of":[6,46,83,89,96,119],"concern":[7],"for":[8,39,71,79,109],"network":[9,34],"managers,":[10],"due":[11],"to":[12,54],"the":[13,44,80,97,110,116,120],"danger":[14],"associated":[15],"with":[16,124],"successful":[18],"compromise.":[19],"Detecting":[20],"these":[21],"attacks,":[22],"and":[23,86],"possibly":[24],"compromised":[25,90],"victims,":[26],"is":[27,104,122],"therefore":[28],"crucial":[30],"activity.":[31],"Most":[32],"existing":[33],"intrusion":[35,68],"detection":[36,69,82,117],"systems":[37],"designed":[38],"this":[40,60,62],"purpose":[41],"rely":[42],"on":[43],"inspection":[45],"individual":[47],"packets":[48],"and,":[49],"hence,":[50],"do":[51],"not":[52],"scale":[53],"today\u2019s":[55],"high-speed":[56],"networks.":[57],"To":[58],"overcome":[59],"issue,":[61],"paper":[63],"proposes":[64],"SSHCure,":[65],"flow-based":[67],"system":[70,121],"attacks.":[73],"It":[74],"employs":[75],"an":[76],"efficient":[77],"algorithm":[78],"real-time":[81],"ongoing":[84],"allows":[87],"identification":[88],"attack":[91],"targets.":[92],"A":[93],"prototype":[94],"implementation":[95],"algorithm,":[98],"including":[99],"graphical":[101],"user":[102],"interface,":[103],"implemented":[105],"as":[106],"plugin":[108],"popular":[111],"NfSen":[112],"monitoring":[113],"tool.":[114],"Finally,":[115],"performance":[118],"validated":[123],"empirical":[125],"traffic":[126],"data.":[127]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":9},{"year":2020,"cited_by_count":7},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":8},{"year":2016,"cited_by_count":7},{"year":2015,"cited_by_count":8},{"year":2014,"cited_by_count":9},{"year":2013,"cited_by_count":5}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}