{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T18:30:03Z","timestamp":1771525803063,"version":"3.50.1"},"publisher-location":"Cham","reference-count":28,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030582005","type":"print"},{"value":"9783030582012","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-58201-2_4","type":"book-chapter","created":{"date-parts":[[2020,9,13]],"date-time":"2020-09-13T23:02:29Z","timestamp":1600038149000},"page":"49-63","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["Refined Detection of SSH Brute-Force Attackers Using Machine Learning"],"prefix":"10.1007","author":[{"given":"Karel","family":"Hynek","sequence":"first","affiliation":[]},{"given":"Tom\u00e1\u0161","family":"Bene\u0161","sequence":"additional","affiliation":[]},{"given":"Tom\u00e1\u0161","family":"\u010cejka","sequence":"additional","affiliation":[]},{"given":"Hana","family":"Kub\u00e1tov\u00e1","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,9,14]]},"reference":[{"key":"4_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"72","DOI":"10.1007\/978-3-319-29938-9_6","volume-title":"Technology and 
Practice of Passwords","author":"AR Abdou","year":"2016","unstructured":"Abdou, A.R., Barrera, D., van Oorschot, P.C.: What lies beneath? Analyzing automated SSH Bruteforce attacks. In: Stajano, F., Mj\u00f8lsnes, S.F., Jenkinson, G., Thorsheim, P. (eds.) PASSWORDS 2015. LNCS, vol. 9551, pp. 72\u201391. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-29938-9_6"},{"key":"4_CR2","unstructured":"AbuseIPDB making the internet safer, one IP at a time, October 2019. https:\/\/www.abuseipdb.com\/"},{"key":"4_CR3","doi-asserted-by":"crossref","unstructured":"Anderson, B., McGrew, D.: Identifying encrypted malware traffic with contextual flow data. In: ACM Workshop on Artificial Intelligence and Security (2016)","DOI":"10.1145\/2996758.2996768"},{"key":"4_CR4","unstructured":"Anderson, B., McGrew, D., Perricone, P., Hudson, B.: Joy - a package for capturing and analyzing network flow data and intraflow data, October 2019. https:\/\/github.com\/cisco\/joy"},{"key":"4_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1007\/978-3-319-20034-7_10","volume-title":"Intelligent Mechanisms for Network Configuration and Security","author":"T Cejka","year":"2015","unstructured":"Cejka, T., Bartos, V., Truxa, L., Kubatova, H.: Using application-aware flow monitoring for\u00a0SIP\u00a0fraud\u00a0detection. In: Latr\u00e9, S., Charalambides, M., Fran\u00e7ois, J., Schmitt, C., Stiller, B. (eds.) AIMS 2015. LNCS, vol. 9122, pp. 87\u201399. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-20034-7_10"},{"key":"4_CR6","doi-asserted-by":"crossref","unstructured":"Cejka, T., et al.: NEMEA: a framework for network traffic analysis. In: 12th International Conference on Network and Service Management (CNSM) (2016)","DOI":"10.1109\/CNSM.2016.7818417"},{"key":"4_CR7","unstructured":"Censys, October 2019. https:\/\/censys.io"},{"key":"4_CR8","unstructured":"Cisco 2018 annual cybersecurity report, October 2019. 
https:\/\/rfc-editor.org\/rfc\/rfc3954.txt"},{"key":"4_CR9","doi-asserted-by":"publisher","unstructured":"Claise, B.: Cisco Systems NetFlow Services Export Version 9. RFC 3954, October 2004. https:\/\/doi.org\/10.17487\/RFC3954","DOI":"10.17487\/RFC3954"},{"key":"4_CR10","doi-asserted-by":"publisher","unstructured":"Cusack, F., Forssen, M.: Generic message exchange authentication for the secure shell protocol (SSH). Technical report, January 2006. https:\/\/doi.org\/10.17487\/rfc4256","DOI":"10.17487\/rfc4256"},{"key":"4_CR11","unstructured":"Fail2ban, October 2019. http:\/\/www.fail2ban.org\/wiki\/index.php\/Main_Page"},{"key":"4_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1007\/978-3-642-30633-4_11","volume-title":"Dependable Networks and Services","author":"L Hellemons","year":"2012","unstructured":"Hellemons, L., Hendriks, L., Hofstede, R., Sperotto, A., Sadre, R., Pras, A.: SSHCure: a flow-based SSH intrusion detection system. In: Sadre, R., Novotn\u00fd, J., \u010celeda, P., Waldburger, M., Stiller, B. (eds.) AIMS 2012. LNCS, vol. 7279, pp. 86\u201397. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-30633-4_11"},{"key":"4_CR13","doi-asserted-by":"crossref","unstructured":"Hendriks, L., et al.: Threats and surprises behind IPv6 extension headers. In: Network Traffic Measurement and Analysis Conference (TMA) (2017)","DOI":"10.23919\/TMA.2017.8002912"},{"key":"4_CR14","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1007\/978-981-13-2348-5_9","volume-title":"Towards Extensible and Adaptable Methods in Computing","author":"GK Sadasivam","year":"2018","unstructured":"Sadasivam, G.K., Hota, C., Anand, B.: Honeynet data analysis and distributed SSH Brute-force attacks. In: Chakraverty, S., Goel, A., Misra, S. (eds.) Towards Extensible and Adaptable Methods in Computing, pp. 107\u2013118. Springer, Singapore (2018). 
https:\/\/doi.org\/10.1007\/978-981-13-2348-5_9"},{"key":"4_CR15","doi-asserted-by":"crossref","unstructured":"Jonker, M., Hofstede, R., Sperotto, A., Pras, A.: Unveiling flat traffic on the internet: an SSH attack case study. In: International Symposium on Integrated Network Management (IM) (2015)","DOI":"10.1109\/INM.2015.7140301"},{"key":"4_CR16","doi-asserted-by":"crossref","unstructured":"Najafabadi, M.M., Khoshgoftaar, T.M., Kemp, C., Seliya, N., Zuech, R.: Machine learning for detecting brute force attacks at the network level. In: IEEE International Conference on Bioinformatics and Bioengineering (2014)","DOI":"10.1109\/BIBE.2014.73"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"Najafabadi, M.M., Khoshgoftaar, T.M., Calvert, C., Kemp, C.: Detection of SSH Brute force attacks using aggregated netflow data. In: 14th International Conference on Machine Learning and Applications (ICMLA) (2015)","DOI":"10.1109\/ICMLA.2015.20"},{"key":"4_CR18","unstructured":"Ncrack - Network authentication cracking tool, October 2019. https:\/\/nmap.org\/ncrack\/"},{"key":"4_CR19","unstructured":"NEMEA Bruteforce detector, October 2019. https:\/\/github.com\/CESNET\/Nemea-Detectors\/tree\/master\/brute_force_detector"},{"key":"4_CR20","unstructured":"Ponemon 2014 SSH security vulnerability report, October 2019. https:\/\/energycollection.us\/Energy-Security\/Ponemon-2014-SSH.pdf"},{"key":"4_CR21","doi-asserted-by":"publisher","unstructured":"Sadasivan, G., Brownlee, N., Claise, B., Quittek, J.: Architecture for IP flow information export. RFC 5470, March 2009. https:\/\/doi.org\/10.17487\/RFC5470","DOI":"10.17487\/RFC5470"},{"key":"4_CR22","doi-asserted-by":"crossref","unstructured":"Satoh, A., Nakamura, Y., Ikenaga, T.: SSH dictionary attack detection based on flow analysis. In: 12th International Symposium on Applications and the Internet IPSJ (2012)","DOI":"10.1109\/SAINT.2012.16"},{"key":"4_CR23","unstructured":"Shodan, October 2019. 
https:\/\/www.shodan.io"},{"key":"4_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"164","DOI":"10.1007\/978-3-642-04989-7_13","volume-title":"Integrated Management of Systems, Services, Processes and People in IT","author":"A Sperotto","year":"2009","unstructured":"Sperotto, A., Sadre, R., de Boer, P.-T., Pras, A.: Hidden Markov model modeling of SSH Brute-force attacks. In: Bartolini, C., Gaspary, L.P. (eds.) DSOM 2009. LNCS, vol. 5841, pp. 164\u2013176. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04989-7_13"},{"key":"4_CR25","doi-asserted-by":"crossref","unstructured":"Thames, J.L., Abler, R., Keeling, D.: A distributed active response architecture for preventing SSH dictionary attacks. In: IEEE SoutheastCon 2008, pp. 84\u201389 (2008)","DOI":"10.1109\/SECON.2008.4494264"},{"key":"4_CR26","unstructured":"THC HYDRA V. Hauser, The Hacker Choice (THC) - Hydra, October 2019. https:\/\/www.thc.org\/thc-hydra\/"},{"key":"4_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"173","DOI":"10.1007\/978-3-662-43862-6_20","volume-title":"Monitoring and Securing Virtualized Networks and Services","author":"P Velan","year":"2014","unstructured":"Velan, P., \u010celeda, P.: Next generation application-aware flow monitoring. In: Sperotto, A., Doyen, G., Latr\u00e9, S., Charalambides, M., Stiller, B. (eds.) AIMS 2014. LNCS, vol. 8508, pp. 173\u2013178. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-43862-6_20"},{"key":"4_CR28","doi-asserted-by":"publisher","unstructured":"Ylonen, T.: The Secure Shell (SSH) Transport Layer Protocol. Technical report, January 2006. 
https:\/\/doi.org\/10.17487\/rfc4253","DOI":"10.17487\/rfc4253"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-58201-2_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,14]],"date-time":"2024-09-14T00:05:22Z","timestamp":1726272322000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-58201-2_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030582005","9783030582012"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-58201-2_4","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"value":"1868-4238","type":"print"},{"value":"1868-422X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"14 September 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on ICT Systems Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Maribor","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Slovenia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 September 
2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 September 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"35","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sec2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sec2020.um.si\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"149","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"29","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of 
Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.88","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5.14","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}