Article code | Journal code | Publication year | English article | Full-text version |
---|---|---|---|---|
457035 | 695866 | 2015 | 11-page PDF | Free download |
SANS has warned about the new variants of SSH dictionary attacks that are very stealthy in comparison with a simple attack. In this paper, we propose a new method to detect simple and stealthy attacks by combining two key innovations. First, on the basis of our assumptions, we employ two criteria: “the existence of a connection protocol” and “the inter-arrival time of an auth-packet and the next”. These criteria are not available, though, owing to the confidentiality and flexibility of the SSH protocol. Second, we resolve this problem by identifying “the transition point of each sub-protocol” through flow features and machine learning algorithms. We evaluate the effectiveness through experiments on real network traffic at the edges in campus networks. The experimental results show that our method provides high accuracy with acceptable computational complexity.
Journal: Journal of Information Security and Applications - Volume 21, April 2015, Pages 31–41