University of Twente Student Theses
Flow-based SSH Dictionary Attack Detection: the Effects of Aggregation
Jonker, M. (2014) Flow-based SSH Dictionary Attack Detection: the Effects of Aggregation.
Abstract: | Many types of brute-force attacks are known to exhibit a characteristic flat behavior at the network level, meaning that connections feature a similar number of packets and bytes, and a similar duration. Flat traffic is usually caused by repeating similar application-layer actions, such as login attempts in a brute-force attack. This characteristic is used by many intrusion detection systems, both for identifying the presence of attacks and, once an attack is detected, for observing deviations that point out potential compromises, for example. However, the flatness of network traffic may become indistinct when TCP retransmissions and control information come into play. In this paper, we show exactly that, based on an SSH attack case study. More specifically, we show that our approach dramatically improves the number of true detections of a state-of-the-art detection algorithm by up to 20 percentage points, as well as increasing its accuracy, at no cost for analysis applications. |
Item Type: | Essay (Master) |
Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
Subject: | 54 computer science |
Programme: | Computer Science MSc (60300) |
Link to this item: | https://purl.utwente.nl/essays/65855 |