Data Analytics for Modeling and Visualizing Attack Behaviors: A Case Study on SSH Brute Force Attacks

Cited by: 0
Authors
Yao, Chengchao [1]
Luo, Xiao [2]
Zincir-Heywood, A. Nur [1]
Affiliations
[1] Dalhousie Univ, Fac Comp Sci, Halifax, NS, Canada
[2] Indiana Univ Purdue Univ, Purdue Sch Engn & Technol, Indianapolis, IN 46202 USA
Funding
Natural Sciences and Engineering Research Council of Canada;
Keywords
NETWORK;
DOI
Not available
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
In this research, we explore a data analytics based approach for modeling and visualizing attack behaviors. To this end, we employ Self-Organizing Map and Association Rule Mining algorithms to analyze and interpret the behaviors of SSH brute force attacks and SSH normal traffic as a case study. The experimental results based on four different data sets show that the patterns extracted and interpreted from the SSH brute force attack data sets are similar to each other but significantly different from those extracted from the SSH normal traffic data sets. The analysis of the attack traffic provides insight into behavior modeling for brute force SSH attacks. Furthermore, this sheds light into how data analytics could help in modeling and visualizing attack behaviors in general in terms of data acquisition and feature extraction.
Pages: 3573 / 3580
Number of pages: 8
Related papers
50 in total
  • [1] Detecting SSH and FTP Brute Force Attacks in Big Data
    Hancock, John
    Khoshgoftaar, Taghi M.
    Leevy, Joffrey L.
    [J]. 20TH IEEE INTERNATIONAL CONFERENCE ON MACHINE LEARNING AND APPLICATIONS (ICMLA 2021), 2021, : 760 - 765
  • [2] A case study on the SSH brute force dictionary attack on information technology labs
    Mohammed, Tijjani
    Toderick, Lee
    Ozan, Erol
    Lunsford, Phil
    [J]. IMSCI '07: INTERNATIONAL MULTI-CONFERENCE ON SOCIETY, CYBERNETICS AND INFORMATICS, VOL 2, PROCEEDINGS, 2007, : 190 - 195
  • [3] Hidden Markov Model Modeling of SSH Brute-Force Attacks
    Sperotto, Anna
    Sadre, Ramin
    de Boer, Pieter-Tjerk
    Pras, Aiko
    [J]. INTEGRATED MANAGEMENT OF SYSTEMS, SERVICES, PROCESSES AND PEOPLE IN IT, PROCEEDINGS, 2009, 5841 : 164 - 176
  • [4] Detection of SSH Brute Force Attacks Using Aggregated Netflow Data
    Najafabadi, Maryam M.
    Khoshgoftaar, Taghi M.
    Calvert, Chad
    Kemp, Clifford
    [J]. 2015 IEEE 14TH INTERNATIONAL CONFERENCE ON MACHINE LEARNING AND APPLICATIONS (ICMLA), 2015, : 283 - 288
  • [5] Realtime Risk Monitoring of SSH Brute Force Attacks
    Fahrnberger, Guenter
    [J]. INNOVATIONS FOR COMMUNITY SERVICES, I4CS 2022, 2022, 1585 : 75 - 95
  • [6] CAUDIT: Continuous Auditing of SSH Servers to Mitigate Brute-Force Attacks
    Cao, Phuong M.
    Wu, Yuming
    Banerjee, Subho S.
    Azoff, Justin
    Withers, Alexander
    Kalbarczyk, Zbigniew T.
    Iyer, Ravishankar K.
    [J]. PROCEEDINGS OF THE 16TH USENIX SYMPOSIUM ON NETWORKED SYSTEMS DESIGN AND IMPLEMENTATION, 2019, : 667 - 682
  • [7] Modelling and visualising SSH brute force attack behaviours through a hybrid learning framework
    Luo X.
    Yao C.
    Zincir-Heywood A.N.
    [J]. International Journal of Information and Computer Security, 2021, 16 (1-2) : 170 - 191
  • [8] Network Log-Based SSH Brute-Force Attack Detection Model
    Park, Jeonghoon
    Kim, Jinsu
    Gupta, B. B.
    Park, Namje
    [J]. CMC-COMPUTERS MATERIALS & CONTINUA, 2021, 68 (01): : 887 - 901
  • [9] Clustering of SSH Brute-Force Attack Logs Using k-Clique Percolation
    Studiawan, Hudan
    Pratomo, Baskoro Adi
    Anggoro, Radityo
    [J]. PROCEEDINGS OF 2016 INTERNATIONAL CONFERENCE ON INFORMATION & COMMUNICATION TECHNOLOGY AND SYSTEMS (ICTS), 2016, : 39 - 42
  • [10] SSH and FTP brute-force Attacks Detection in Computer Networks: LSTM and Machine Learning Approaches
    Hossain, Md Delwar
    Ochiai, Hideya
    Doudou, Fall
    Kadobayashi, Youki
    [J]. 2020 5TH INTERNATIONAL CONFERENCE ON COMPUTER AND COMMUNICATION SYSTEMS (ICCCS 2020), 2020, : 491 - 497