
Analysis and Response of SSH Brute Force Attacks in Multi-User Computing Environment


  • Jae-Kook Lee (Supercomputing Infrastructure Department, Korea Institute of Science and Technology Information) ;
  • Sung-Jun Kim (Supercomputing Infrastructure Department, Korea Institute of Science and Technology Information) ;
  • Joon Woo (Supercomputing Infrastructure Department, Korea Institute of Science and Technology Information) ;
  • Chan Yeol Park (Supercomputing Infrastructure Department, Korea Institute of Science and Technology Information)
  • Received : 2015.02.10
  • Accepted : 2015.04.21
  • Published : 2015.06.30

Abstract

SSH provides a secure, encrypted communication channel between two endpoint systems using public key cryptography. Nevertheless, the SSH brute force attack is one of the most significant attacks against it. This kind of attack aims to log in to the SSH server by continually guessing a large number of user account and password combinations. In this paper, we analyze logs of SSH brute force attacks observed in 2014 and propose a failed-log based detection mechanism for a high-performance computing service environment.

The SSH service provides a secure, encrypted communication channel between two systems using public keys. However, hacking attempts that abuse this service, such as SSH brute force attacks, occur continuously. An SSH brute force attack repeatedly tries to log in to the SSH server by guessing combinations of user accounts and passwords. This paper analyzes the SSH brute force attacks that targeted the national supercomputer in 2014 and describes a failed-log based method for detecting and responding to such attacks.
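The abstract describes a failed-log based detection mechanism without giving its details. The following is an added illustration, not code from the paper or from KISTI: it parses OpenSSH "Failed password" lines in standard syslog format, counts failures per source address inside a sliding time window, and raises an alert for a source that exceeds a threshold. The sample log lines, the 60-second window, the threshold of five failures and the log year are all constructed assumptions chosen for the example, not values reported by the paper.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd lines in syslog format (not from the paper's data).
# 203.0.113.7 fails five times in four seconds across several accounts;
# 198.51.100.9 is a legitimate user with one key login and two stray failures.
SAMPLE_LOG = """\
Mar  3 10:00:01 login1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:00:02 login1 sshd[2103]: Failed password for invalid user oracle from 203.0.113.7 port 51030 ssh2
Mar  3 10:00:03 login1 sshd[2105]: Failed password for root from 203.0.113.7 port 51041 ssh2
Mar  3 10:00:04 login1 sshd[2107]: Failed password for root from 203.0.113.7 port 51055 ssh2
Mar  3 10:00:05 login1 sshd[2109]: Failed password for test from 203.0.113.7 port 51060 ssh2
Mar  3 10:00:20 login1 sshd[2111]: Accepted publickey for alice from 198.51.100.9 port 40010 ssh2
Mar  3 10:01:10 login1 sshd[2113]: Failed password for bob from 198.51.100.9 port 40022 ssh2
Mar  3 10:30:00 login1 sshd[2120]: Failed password for bob from 198.51.100.9 port 40030 ssh2
"""

# Matches the OpenSSH failure message; "invalid user" is present when the
# account does not exist on the host, which is itself a useful signal.
FAILED_RE = re.compile(
    r"^(?P<month>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_failures(text, year=2014):
    """Return a time-sorted list of (timestamp, user, source) for failed logins.

    Syslog lines carry no year, so the caller supplies one (assumed here)."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(
            f"{year} {m['month']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S"
        )
        events.append((ts, m["user"], m["src"]))
    events.sort(key=lambda e: e[0])
    return events


def detect_brute_force(events, window_s=60, threshold=5):
    """Flag any source with >= threshold failures within window_s seconds.

    A per-source deque holds only the failures inside the current window, so
    the check is O(1) amortised per event and suits streaming log input."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, user, src in events:
        q = recent[src]
        q.append((ts, user))
        # Drop failures that have aged out of the window.
        while q and (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = {
                "first": q[0][0],
                "last": ts,
                "attempts": len(q),
                "users": sorted({u for _, u in q}),
            }
    return alerts


def response_rules(alerts):
    """Produce host-firewall drop rules for flagged sources (iptables syntax),
    which an operator can review before applying or feed to an automated block list."""
    return [
        f"iptables -I INPUT -s {src} -p tcp --dport 22 -j DROP" for src in sorted(alerts)
    ]


if __name__ == "__main__":
    found = detect_brute_force(parse_failures(SAMPLE_LOG))
    for src, info in found.items():
        print(f"{src}: {info['attempts']} failures, accounts {info['users']}")
    for rule in response_rules(found):
        print(rule)
```

With the constructed input, only 203.0.113.7 is flagged (five failures spanning the accounts admin, oracle, root and test within four seconds); the two failures from 198.51.100.9 are half an hour apart and never reach the threshold. The window and threshold should be tuned against the site's own failed-log history, since a shared login node of a multi-user system sees a higher baseline of genuine typos than a single-user host.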

Cited by

  1. Heavy-tailed distribution of the SSH Brute-force attack duration in a multi-user environment, Vol.69, No.2, 2016, https://doi.org/10.3938/jkps.69.253