Article ID: 457035
Journal: Journal of Information Security and Applications
Published Year: 2015
Pages: 11 Pages
File Type: PDF
Abstract

SANS has warned about new variants of SSH dictionary attacks that are far stealthier than a simple attack. In this paper, we propose a new method that detects both simple and stealthy attacks by combining two key innovations. First, on the basis of our assumptions, we employ two criteria: "the existence of a connection protocol" and "the inter-arrival time between an auth-packet and the next". These criteria, however, cannot be observed directly, owing to the confidentiality and flexibility of the SSH protocol. Second, we resolve this problem by identifying "the transition point of each sub-protocol" through flow features and machine learning algorithms. We evaluate the effectiveness of the method through experiments on real network traffic captured at the edges of campus networks. The experimental results show that our method provides high accuracy with acceptable computational complexity.

Related Topics
Physical Sciences and Engineering Computer Science Computer Networks and Communications