DNS Based Detection of SSH Dictionary Attack in Campus Network
Abstract
We statistically investigated the DNS query access traffic from a university campus network toward the top domain DNS (tDNS) through March 14th, 2009, when the hosts in the campus network were under inbound SSH dictionary attack. The following interesting results were obtained: (1) several hosts generated DNS query packet traffic at a rate of more than 1,000 hour⁻¹ during 07:30-08:30 on March 14th, 2009, (2) the DNS query packet traffic correlates with the DNS query packet traffic that includes more than two specific query keywords, and (3) the former keyword is a fully qualified domain name (FQDN) and the latter one is an IP address. Therefore, we can detect an inbound SSH dictionary attack by watching the frequencies of the FQDNs and the IP addresses as query keywords in the DNS query packets from the hosts in the campus network.
Similar resources
Evaluation of DNS Based SSH Dictionary Attack Traffic in Campus Network
We performed statistical analysis on the total PTR resource record (RR) based DNS query packet traffic from a university campus network to the top domain DNS server through March 14th, 2009, when the network servers in the campus network were under inbound SSH dictionary attack. The following interesting results were obtained: (1) the network servers, especially those providing SSH services, g...
Detection of NS Resource Record DNS Resolution Traffic, Host Search, and SSH Dictionary Attack Activities
We carried out an entropy study on the DNS query traffic from the Internet to the top domain DNS server in a university campus network from January 1st to March 31st, 2009. The obtained results are: (1) We observed a difference for the entropy changes among the total-, the A-, and the PTR resource records (RRs) based DNS query traffic from the Internet through January 17th to February 1st, 2...
Validation of the Network-based Dictionary Attack Detection
This paper presents a study of successful dictionary attacks against an SSH server and their network-based detection. On the basis of experience in the protection of a university network we developed a detection algorithm based on a generic SSH authentication pattern. Thanks to the network-based approach, the detection algorithm is host independent and highly scalable. We deployed a high-interacti...
A Novel Face Detection Method Based on Over-complete Incoherent Dictionary Learning
In this paper, face detection problem is considered using the concepts of compressive sensing technique. This technique includes dictionary learning procedure and sparse coding method to represent the structural content of input images. In the proposed method, dictionaries are learned in such a way that the trained models have the least degree of coherence to each other. The novelty of the prop...
A Mechanism for Detecting and Identifying DoS attack in VANET
VANET (Vehicular Ad-hoc Network), which is a hybrid network (a combination of infrastructure and infrastructure-less networks), is an emergent technology with a promising future as well as great challenges, especially in security. On the other hand, this type of network is very sensitive to safety problems. This paper focuses on a new mechanism for DoS (denial of service) attacks on the physical and ...