Publication details

SimFlow - a similarity-based detection of brute-force attacks

Authors

VYKOPAL Jan

MU Faculty or unit

Institute of Computer Science

Description

SimFlow is a suite of scripts that automates similarity-based detection of brute-force attacks on authentication. It pairs unidirectional flows, extracts volume characteristics from the resulting bidirectional flows, scales the numbers of transferred bytes by a user-defined factor, clusters the extracted characteristics using DBSCAN as implemented in the ELKI framework, visualizes the clusters found by DBSCAN using a parallel coordinate plot, and inspects those clusters for attacks.
