@inproceedings{090834628abd4b2eb09db22fdc46a919,
title = "Detecting computers in cyber space maliciously exploited as SSH proxies",
abstract = "Classifying encrypted traffic is a great challenge in the cyber security domain. Attackers can use the SSH protocol to hide the nature of their attack. This is done by enabling SSH tunneling to act as a proxy. In this study we present a technique for matching (encrypted) SSH incoming sessions with corresponding (encrypted) SSH outgoing sessions through a series of SSH servers. This is an indication of suspicious activity and therefore an important step in order to identify SSH servers that are potentially used as a stepping-stone in a chain of proxies.",
keywords = "Cyberattack, Encrypted traffic, Machine learning, SSH",
author = "Idan Morad and Asaf Shabtai",
note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; 8th International Conference on Innovative Security Solutions for Information Technology and Communications, SECITC 2015 ; Conference date: 11-06-2015 Through 12-06-2015",
year = "2015",
month = jan,
day = "1",
doi = "10.1007/978-3-319-27179-8_14",
language = "American English",
isbn = "9783319271781",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "201--211",
editor = "David Naccache and Emil Simion and Ion Bica",
booktitle = "Innovative Security Solutions for Information Technology and Communications - 8th International Conference, SECITC 2015, Revised Selected Papers",
address = "Germany",
}