Classification of SSH Anomalous Connections
Abstract
The Secure Shell Protocol (SSH) is a well-known standard protocol for remote login, and it is also used for other secure network services over an insecure network. It is mainly used for remotely accessing shell accounts on Unix-like operating systems to perform administrative tasks. For this reason, the SSH service has for years been an attractive target for attackers, who aim to guess root passwords by performing dictionary attacks or to directly exploit the service itself. To test the classification performance of different classifiers and combinations of them, this study gathers SSH data coming from a honeynet and analyses it by means of a wide range of classifiers. The high-rate classification results lead to positive conclusions about the identification of malicious SSH connections.
Similar resources
Resilient Connections for SSH and TLS
Disconnection of an SSH shell or a secure application session due to network outages or travel is a familiar problem to many Internet users today. In this paper, we extend the SSH and TLS protocols to support resilient connections that can span several sequential TCP connections. The extensions allow sessions to survive both changes in IP addresses and long periods of disconnection. Our design ...
The Anomalous Insertion of Pectoralis Minor (Le Double Type III): A case report
Introduction: The pectoralis minor muscle originates from third to fifth ribs of the chest wall and inserts at the medial side of the coracoid process of Scapula. It contributes to the abduction of the scapulothoracic joint and downward movement of the shoulder. The anomalous insertion of pectoralis minor beyond the coracoid process is known since the 19th century. Aim of the study: To report ...
Explicit Communication Revisited: Two New Attacks on Authentication Protocols
SSH and AKA are recent, practical protocols for secure connections over an otherwise unprotected network. This paper shows that, despite the use of public-key cryptography, SSH and AKA do not provide authentication as intended. The flaws of SSH and AKA can be viewed as the result of their disregarding a basic principle for the design of sound authentication protocols: the principle that messages ...
Secure Login Connections over the Internet
SSH provides secure login, file transfer, X11, and TCP/IP connections over an untrusted network. It uses cryptographic authentication, automatic session encryption, and integrity protection for transferred data. RSA is used for key exchange and authentication, and symmetric algorithms (e.g., IDEA or three-key triple-DES) for encrypting transferred data. SSH is intended as a replacement for the e...
Real Time Identification of SSH Encrypted Application Flows by Using Cluster Analysis Techniques
The identification of application flows is a critical task in order to manage bandwidth requirements of different kinds of services (i.e. VOIP, Video, ERP). As network security functions spread, an increasing amount of traffic is natively encrypted due to privacy issues (e.g. VPN). This makes ineffective current traffic classification systems based on ports and payload inspection, e.g. even powe...