SSH and Intrusion Detection
نویسنده
چکیده
Widespread use of the SSH protocol greatly reduces the risk of remote computer access by encoding the transmission of clear text usernames and passwords. Prior to the use of SSH, packet sniffing, which allows malicious users to watch for the login process in the clear text packet traffic on a network segment, was an easy method for a malicious user to gain unauthorized access to a machine. Unfortunately, use of SSH might allow a malicious user to bypass intrusion detection systems because of its encrypting of the data payload and its ability to tunnel protocols. This paper outlines the role and issues with the use of the SSH protocol, types and methods of intrusion detection, and proposes techniques and an architecture for an intrusion detection system that uses the SSH daemon as a sensor.
منابع مشابه
Generation of SSH Network Traffic Data for IDS Testbeds
We develop an algorithm for generating secure shell (ssh) network traffic that can find use as a part of a testbed for evaluating anomaly detection and intrusion detection systems in cyber security. Given an initial dataset describing real network traffic, the generator produces synthetic traffic with characteristics close to the original. The objective is to match parameters of the original tr...
متن کاملSSHCure: A Flow-Based SSH Intrusion Detection System
SSH attacks are a main area of concern for network managers, due to the danger associated with a successful compromise. Detecting these attacks, and possibly compromised victims, is therefore a crucial activity. Most existing network intrusion detection systems designed for this purpose rely on the inspection of individual packets and, hence, do not scale to today’s high-speed networks. To over...
متن کاملDynamic Authorization and Intrusion Response in Distributed Systems
This paper presents an authorization framework for supporting fine-grained access control policies enhanced with light-weight intrusion/misuse detectors and response capabilities. The framework intercepts and analyzes access requests and dynamically adjusts security policies to prevent attackers from exploiting application level vulnerabilities. We present a practical, flexible implementation o...
متن کاملUnified Method to Block Pornographic Images in Websites
This paper proposes a technique to block adult images displayed in websites. The filter is designed so as to perform even in exceptional cases such as, where face detection is not possible or improper face visibility. This is achieved by using an alternative phase to extract the MFC (Most Frequent Color) from the Human Body regions estimated using a biometric of anthropometric distances between...
متن کاملUnified Method to Block Pornographic Images in Websites
This paper proposes a technique to block adult images displayed in websites. The filter is designed so as to perform even in exceptional cases such as, where face detection is not possible or improper face visibility. This is achieved by using an alternative phase to extract the MFC (Most Frequent Color) from the Human Body regions estimated using a biometric of anthropometric distances between...
متن کامل