Author: Hynek, Karel; Beneš, Tomáš; Čejka, Tomáš; Kubátová, Hana
Title: Refined Detection of SSH Brute-Force Attackers Using Machine Learning
Cord-id: utopoeow
Document date: 2020-08-01
Document: This paper presents a novel approach to detecting SSH brute-force (BF) attacks in high-speed networks. Contrary to host-based approaches, we focus on network traffic analysis to identify attackers. Recent papers describe how to detect BF attacks using pure NetFlow data; however, our evaluation shows that the current solution produces a significant number of false positives (FP). To overcome the high FP rate, we propose a machine learning (ML) approach to detection using specially extended IP Flows. The contributions of this paper are a new dataset from a real environment, an experimentally selected ML method that performs with high accuracy and a low FP rate, and an architecture of the detection system. The training dataset was created using extensive evaluation of captured real traffic, manually prepared legitimate SSH traffic with characteristics similar to BF attacks, and, finally, a packet trace with SSH logs from real production servers.
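The false-positive problem the abstract raises can be reproduced with a flow-only heuristic of the kind it contrasts against. The following is an added illustrative example, not the paper's detector, feature set, or dataset: the threshold rule (many short SSH flows from one source whose packet count fits a failed-login session), the flow records, and the ground truth are all constructed assumptions. It shows that a scripted legitimate SSH client, which the paper's dataset deliberately includes, is indistinguishable from the attacker when only NetFlow-level counters are available.

```python
"""Illustrative NetFlow-style SSH brute-force heuristic and its false-positive
failure mode. Added example; not the paper's detector or dataset.
All records below are constructed, not captured traffic."""
from collections import defaultdict

# Constructed flow records: (src_ip, dst_ip, dst_port, packets, bytes, duration_s).
# Values are assumptions chosen so the two automated sources look alike on the wire.
FLOWS = (
    # Assumed attacker: many short, uniform SSH sessions (failed password attempts).
    [("203.0.113.5", "198.51.100.10", 22, 11, 1540, 0.9)] * 30
    # Assumed legitimate config-push script: also many short, uniform SSH sessions.
    + [("203.0.113.77", "198.51.100.10", 22, 12, 1610, 1.1)] * 25
    # Assumed interactive admin session: one long flow.
    + [("203.0.113.90", "198.51.100.10", 22, 2400, 310000, 1800.0)]
    # Unrelated HTTPS traffic from the script host; must not count toward port 22.
    + [("203.0.113.77", "198.51.100.20", 443, 40, 22000, 2.0)] * 5
)

# Heuristic thresholds (assumptions typical of flow-only detectors): at least
# MIN_FLOWS flows to port 22 from one source, each with a packet count in PKT_RANGE.
MIN_FLOWS = 20
PKT_RANGE = (8, 20)


def detect_ssh_bruteforce(flows, min_flows=MIN_FLOWS, pkt_range=PKT_RANGE):
    """Return the set of source IPs the flow-count heuristic flags as BF attackers."""
    lo, hi = pkt_range
    count = defaultdict(int)
    for src, _dst, dport, packets, _bytes, _dur in flows:
        if dport == 22 and lo <= packets <= hi:
            count[src] += 1
    return {src for src, n in count.items() if n >= min_flows}


def false_positive_rate(flagged, attackers, flows):
    """Fraction of benign sources seen on port 22 that the heuristic flagged."""
    benign = {f[0] for f in flows if f[2] == 22} - set(attackers)
    if not benign:
        return 0.0
    return len(flagged & benign) / len(benign)


ATTACKERS = {"203.0.113.5"}  # constructed ground truth for the records above

if __name__ == "__main__":
    flagged = detect_ssh_bruteforce(FLOWS)
    print("flagged:", sorted(flagged))
    print("FP rate:", false_positive_rate(flagged, ATTACKERS, FLOWS))
```

Run as a script it flags both automated hosts, so half of the benign SSH sources are false positives. Nothing in the flow counters separates the two; that is the gap the abstract's extended IP Flows and ML classifier are meant to close, and it is also why a detector of this kind must be evaluated against legitimate automated SSH traffic and not only against attack captures.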