Refined detection of SSH brute-force attackers using machine learning

The result's identifiers

  • Result code in IS VaVaI

    RIV/63839172:_____/20:10133296 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F20%3A10133296)

  • Alternative codes found

    RIV/68407700:21240/20:00341783

  • Result on the web

    http://dx.doi.org/10.1007/978-3-030-58201-2_4

  • DOI - Digital Object Identifier

    10.1007/978-3-030-58201-2_4 (http://dx.doi.org/10.1007/978-3-030-58201-2_4)

Alternative languages

  • Result language

    English

  • Original language name

    Refined detection of SSH brute-force attackers using machine learning

  • Original language description

    This paper presents a novel approach to detecting SSH brute-force (BF) attacks in high-speed networks. Contrary to host-based approaches, we focus on network traffic analysis to identify attackers. Recent papers describe how to detect BF attacks using pure NetFlow data. However, our evaluation shows a significant false-positive (FP) rate for the current solution. To overcome the high FP rate, we propose a machine learning (ML) approach to detection using specially extended IP Flows. The contributions of this paper are a new dataset from a real environment, an experimentally selected ML method that performs with high accuracy and a low FP rate, and an architecture for the detection system. The training dataset was created through extensive evaluation of captured real traffic, manually prepared legitimate SSH traffic with characteristics similar to BF attacks, and, finally, a packet trace with SSH logs from real production servers.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    20202 - Communication engineering and systems

Result continuities

  • Project

    EF16_013/0001797: CESNET E-Infrastructure - Modernisation (/en/project/EF16_013%2F0001797)

  • Continuities

    P - Research and development project funded from public sources (with a link to CEP)

Others

  • Publication year

    2020

  • Confidentiality

    S - Complete and true data about the project are not subject to protection under special legal regulations

Data specific for result type

  • Article name in the collection

    ICT Systems Security and Privacy Protection

  • ISBN

    978-3-030-58200-5

  • ISSN

    1868-4238

  • e-ISSN

  • Number of pages

    15

  • Pages from-to

    49-63

  • Publisher name

    Springer

  • Place of publication

    Switzerland

  • Event location

    Maribor

  • Event date

    Sep 21, 2020

  • Type of event by nationality

    WRD - Worldwide event

  • UT code for WoS article