Stealthy SSH Dictionary Attack Detection based on Flow Analysis

• Project/Area Number: 25330154
• Research Category: Grant-in-Aid for Scientific Research (C)
• Allocation Type: Multi-year Fund
• Section: 一般
• Research Field: Information security
• Research Institution: Kyushu Institute of Technology
• Principal Investigator: YUTAKA NAKAMURA 九州工業大学, 情報科学センター, 准教授 (40346317)
• Project Period (FY): 2013-04-01 – 2016-03-31
• Project Status: Completed (Fiscal Year 2015)
• Budget Amount: ¥4,810,000 (Direct Cost: ¥3,700,000、Indirect Cost: ¥1,110,000); Fiscal Year 2015: ¥1,560,000 (Direct Cost: ¥1,200,000、Indirect Cost: ¥360,000); Fiscal Year 2014: ¥1,430,000 (Direct Cost: ¥1,100,000、Indirect Cost: ¥330,000); Fiscal Year 2013: ¥1,820,000 (Direct Cost: ¥1,400,000、Indirect Cost: ¥420,000)
• Keywords: ネットワークセキュリティ / 総当たり攻撃 / SSH / SSH辞書攻撃 / 総当り攻撃 / フローの特徴 / トラヒック解析 / ネットワーク管理

Outline of Final Research Achievements

SSH brute force attack has become more seriously, so administrators are desired to implement its countermeasures. In the traditional ways, the SSH brute force attack has been detected by analyzing access logs and network traffic. However, the former way must check a huge quantity of the logs in all servers, and the latter cannot find victims of the attacks. To solve these problems, we propose SSH brute force attack detection based on the flow features analysis. As the experimental results, we showed to be able to identify the attacks and their victims.

Research Products

• [Journal Article] A New Approach to Identify User Authentication Methods toward SSH Dictionary Attack Detection (2015)
  • Author(s): Akihiro Satoh, Yutaka Nakamura, Takeshi Ikenaga
  • Journal Title: IEICE Transactions on Information and Systems Volume: E98.D Issue: 4 Pages: 760-768
  • DOI: 10.1587/transinf.2014ICP0005
  • NAID: 130005061863
  • ISSN: 0916-8532, 1745-1361
  • Peer Reviewed / Acknowledgement Compliant
• [Presentation] 九州工業大学・全学セキュアネットワークにおける無線LAN利用について (2016)
  • Author(s): 福田豊, 中村豊
  • Organizer: 情報処理学会インターネットと運用技術研究会
  • Place of Presentation: 佐賀県唐津市
  • Year and Date: 2016-03-03
• [Presentation] Identifying User Authentication Methods on Connections for SSH Dictionary Attack Detection (2013)
  • Author(s): Akihiro Satoh, Yutaka Nakamura, Takeshi Ikenaga
  • Organizer: Proceedings of IEEE 37th Annual Computer Software and Applications Conference
  • Place of Presentation: Kyoto
• [Presentation] Analysis for Identifying User Authentication Methods on SSH Connections (2013)
  • Author(s): Akihiro Satoh, Yutaka Nakamura, Takeshi Ikenaga
  • Organizer: Proceedings of The 2nd International Workshop on Smart Technologies for Energy, Information and Communication
  • Place of Presentation: Korea