http://dx.doi.org/10.3745/KTCCS.2015.4.6.205

Analysis and Response of SSH Brute Force Attacks in Multi-User Computing Environment  

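Lee, Jae-Kook (Supercomputing Infrastructure Office, Korea Institute of Science and Technology Information)
Kim, Sung-Jun (Supercomputing Infrastructure Office, Korea Institute of Science and Technology Information)
Woo, Joon (Supercomputing Infrastructure Office, Korea Institute of Science and Technology Information)
Park, Chan Yeol (Supercomputing Infrastructure Office, Korea Institute of Science and Technology Information)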
Publication Information
KIPS Transactions on Computer and Communication Systems, v.4, no.6, 2015, pp. 205-212
Abstract
SSH provides a secure, encrypted communication channel between two endpoint systems using public key encryption. However, the SSH brute force attack is one of the most significant attacks. This kind of attack aims to log in to the SSH server by continually guessing a large number of user account and password combinations. In this paper, we analyze logs of SSH brute force attacks in 2014 and propose a failed-log based detection mechanism for a high performance computing service environment.
Keywords
Intrusion Detection; SSH; Brute Force Attack; Supercomputing; Attack Analysis;
Citations & Related Records
Times Cited By KSCI: 2