Publication details
SimFlow - a similarity-based detection of brute-force attacks
Authors | |
---|---|
Year of publication | 2013 |
MU Faculty or unit | |
web | Web page with the package |
Description | SimFlow is a suite of scripts that automates similarity-based detection of brute-force attacks on authentication. It pairs unidirectional flows, extracts volume characteristics from the resulting bidirectional flows, scales the numbers of transferred bytes by a user-defined factor, clusters the extracted characteristics using DBSCAN as implemented in the ELKI framework, visualizes the clusters found by DBSCAN using a parallel coordinate plot, and inspects the found clusters for attacks. |