Author: Hynek, Karel; Beneš, Tomáš; Čejka, Tomáš; Kubátová, Hana
Title: Refined Detection of SSH Brute-Force Attackers Using Machine Learning
Cord-id: utopoeow
Document date: 2020_8_1
ID: utopoeow
Document: This paper presents a novel approach to detecting SSH brute-force (BF) attacks in high-speed networks. Contrary to host-based approaches, we focus on network traffic analysis to identify attackers. Recent papers describe how to detect BF attacks using pure NetFlow data. However, our evaluation shows a significant false-positive (FP) rate for the current solution. To overcome the high FP rate, we propose a machine learning (ML) approach to detection using specially extended IP Flows. The contributions of this paper are a new dataset from a real environment, an experimentally selected ML method that performs with high accuracy and a low FP rate, and an architecture for the detection system. The training dataset was created using extensive evaluation of captured real traffic, manually prepared legitimate SSH traffic with characteristics similar to BF attacks, and, finally, a packet trace with SSH logs from real production servers.