Simple record

| Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Zurutuza, Urko | |
| dc.contributor.other | González, Silvia | |
| dc.contributor.other | Corchado, Emilio | |
| dc.contributor.other | Sedano, Javier | |
| dc.contributor.other | Herrero, Álvaro | |
| dc.date.accessioned | 2022-05-23T14:58:52Z | |
| dc.date.available | 2022-05-23T14:58:52Z | |
| dc.date.issued | 2016 | |
| dc.identifier.issn | 1367-0751 | en |
| dc.identifier.issn | 1368-9894 | en |
| dc.identifier.other | https://katalogoa.mondragon.edu/janium-bin/janium_login_opac.pl?find&ficha_no=116640 | en |
| dc.identifier.uri | https://hdl.handle.net/20.500.11984/5583 | |
| dc.description.abstract | The Secure Shell Protocol (SSH) is a well-known standard protocol, mainly used for remotely accessing shell accounts on Unix-like operating systems to perform administrative tasks. As a result, the SSH service has been an appealing target for attackers, aiming to guess root passwords performing dictionary attacks or to directly exploit the service itself. To identify such situations, this article addresses the detection of SSH anomalous connections from an intrusion detection perspective. The main idea is to compare several strategies and approaches for a better detection of SSH-based attacks. To test the classification performance of different classifiers and combinations of them, SSH data coming from a real-world honeynet are gathered and analysed. For comparison purposes and to draw conclusions about data collection, both packet-based and flow data are analysed. A wide range of classifiers and ensembles are applied to these data, as well as different validation schemes for better analysis of the obtained results. The high-rate classification results lead to positive conclusions about the identification of malicious SSH connections. | en |
| dc.language.iso | eng | en |
| dc.publisher | Oxford Academic | en |
| dc.rights | © Oxford Academic 2016 | en |
| dc.subject | Secure Shell Protocol | en |
| dc.subject | SSH | en |
| dc.subject | Honeynet | en |
| dc.subject | Intrusion Detection | en |
| dc.subject | Classifier | en |
| dc.subject | Ensemble | en |
| dc.subject | Cross-Validation | en |
| dc.title | Different approaches for the detection of SSH anomalous connections | en |
| dcterms.accessRights | http://purl.org/coar/access_right/c_abf2 | en |
| dcterms.source | Logic Journal of the IGPL | en |
| local.contributor.group | Análisis de datos y ciberseguridad | es |
| local.description.peerreviewed | true | en |
| local.description.publicationfirstpage | 104 | en |
| local.description.publicationlastpage | 114 | en |
| local.identifier.doi | https://doi.org/10.1093/jigpal/jzv047 | en |
| local.contributor.otherinstitution | Instituto Tecnológico de Castilla y León | es |
| local.contributor.otherinstitution | https://ror.org/049da5t36 | es |
| local.contributor.otherinstitution | https://ror.org/02f40zc51 | es |
| local.source.details | Vol. 24. Nº 1. Pp. 104–114. February, 2016 | en |
| oaire.format.mimetype | application/pdf | |
| oaire.file | $DSPACE\assetstore | |
| oaire.resourceType | http://purl.org/coar/resource_type/c_6501 | en |
| oaire.version | http://purl.org/coar/version/c_ab4af688f83e57aa | en |
