Realtime Risk Monitoring of SSH Brute Force Attacks

The Secure Shell (SSH) has served for years as the primary protocol to securely control networked remote devices. In particular, administrators of Linux and, to an increasing degree, also Windows operating systems with powerful rights capitalize on the speed and convenience of SSH. Consequentially, villains zero in on acquiring these mighty privileges, preferably by attempting a myriad of credentials until success or exhaustion. All known pertinent scientific resources limit themselves to compiling descriptive statistics or detecting such brute force attacks. The reviewed articles and papers neglect that each penetration attempt implies a differing hazard for an aim. This contribution bridges the gap by surveying relevant academical material and elaborating the blind spot of monitoring the risk of SSH brute force attacks in realtime. Beyond that, this document formally verifies the hazardously raised likeliness of SSH brute force attacks that knowingly or unwittingly use the same patterns as the passwords of their targets. Based on that, it presents a viable solution with a Condition Monitoring System (CMS) that monitors SSH brute force attacks and assesses their jeopardy in real time.