Author affiliation: Kyushu Inst Technol Tobata Ku 1-1 Sensui Cho Kitakyushu Fukuoka 804 Japan
Publication: JOURNAL OF INFORMATION SECURITY AND APPLICATIONS (J. Inf. Secur. Appl.)
Year, volume, issue: 2015, Vol. 21, Apr. issue
Pages: 31-41
Core indexing:
Subject classification: 08 [Engineering] 0812 [Engineering - Computer Science and Technology (engineering or science degrees may be conferred)]
Funding: Japan Society for the Promotion of Science Grants-in-Aid for Scientific Research Funding Source: KAKEN
Topics: SSH dictionary attack; Flow analysis; Network operation; Machine learning algorithm
Abstract: SANS has warned about the new variants of SSH dictionary attacks that are very stealthy in comparison with a simple attack. In this paper, we propose a new method to detect simple and stealthy attacks by combining two key innovations. First, on the basis of our assumptions, we employ two criteria: the existence of a connection protocol and the inter-arrival time of an auth-packet and the next. These criteria are not available, though, owing to the confidentiality and flexibility of the SSH protocol. Second, we resolve this problem by identifying the transition point of each sub-protocol through flow features and machine learning algorithms. We evaluate the effectiveness through experiments on real network traffic at the edges in campus networks. The experimental results show that our method provides high accuracy with acceptable computational complexity. (C) 2014 Elsevier Ltd. All rights reserved.