Hidden Markov Model Modeling of SSH Brute-Force Attacks
نویسندگان
چکیده
Nowadays, network load is constantly increasing and high-speed infrastructures (1-10Gbps) are becoming increasingly common. In this context, flow-based intrusion detection has recently become a promising security mechanism. However, since flows do not provide any information on the content of a communication, it also became more difficult to establish a ground truth for flowbased techniques benchmarking. A possible approach to overcome this problem is the usage of synthetic traffic traces where the generation of malicious traffic is driven by models. In this paper, we propose a flow time series model of SSH brute-force attacks based on Hidden Markov Models. Our results show that the model successfully emulates an attacker behavior, generating meaningful flow time series.
منابع مشابه
A Study of Passwords and Methods Used in Brute-Force SSH Attacks
In its Top-20 Security Risks report for 2007, the SANS Institute called brute-force password guessing attacks against SSH, FTP and telnet servers “the most common form of attack to compromise servers facing the Internet.” A recent study also suggests that Linux systems may play an important role in the command and control networks for botnets. Defending against brute-force SSH attacks may there...
متن کاملA Denied-Events based Detection Method against SSH Brute-force Attack in Supercomputing Service Environment
The brute-force attack is one of general cyber security threats in supercomputing service environment using a secure shell (SSH) protocol. First we analyzed SSH bruteforce attacks had been detected through the log file parsing method of servers in the KISTI. We found that SSH bruteforce attacks are classified ’1:1’, ’1:N’ or ’N:1’ types of attack between source and destination IP address. And t...
متن کاملProtecting SSH at the Transport Layer
SSH daemons are common targets for brute force attacks. Through log monitoring and firewalling, the impact of these attacks on both security and bandwidth consumption can be minimised. We consider a number of implementations and employ Stockade [1] as a backend to SSHGuard [2] for blocking attackers.
متن کاملTiming Analysis of Keystrokes and Timing Attacks on SSH
SSH is designed to provide a secure channel between two hosts. Despite the encryption and authentication mechanisms it uses, SSH has two weakness: First, the transmitted packets are padded only to an eight-byte boundary (if a block cipher is in use), which reveals the approximate size of the original data. Second, in interactive mode, every individual keystroke that a user types is sent to the ...
متن کاملIntrusion Detection Using Evolutionary Hidden Markov Model
Intrusion detection systems are responsible for diagnosing and detecting any unauthorized use of the system, exploitation or destruction, which is able to prevent cyber-attacks using the network package analysis. one of the major challenges in the use of these tools is lack of educational patterns of attacks on the part of the engine analysis; engine failure that caused the complete training, ...
متن کامل