eBiltegia

    • Euskara
    • Español
    • English
  • Contact Us
  • English 
    • Euskara
    • Español
    • English
  • About eBiltegia  
    • What is eBiltegia? 
    •   About eBiltegia
    •   Publish your research in open access
    • Open Access at MU 
    •   What is Open Science?
    •   Open Access institutional policy
    •   The Library compiles and disseminates your publications
  • Login
View Item 
  •   eBiltegia MONDRAGON UNIBERTSITATEA
  • Research - Articles
  • Articles - Engineering
  • View Item
  •   eBiltegia MONDRAGON UNIBERTSITATEA
  • Research - Articles
  • Articles - Engineering
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.
Thumbnail
View/Open
Different approaches for the detection of SSH anomalous connections..pdf (379.8Kb)
Full record
Impact

Web of Science   

Google Scholar
Microsoft Academic
Share
Save the reference
Mendely
Title
Different approaches for the detection of SSH anomalous connections
Author
Zurutuza, Urko ccMondragon Unibertsitatea
Author (from another institution)
González, Silvia
Corchado, Emilio
Sedano, Javier
Herrero, Álvaro
Research Group
Análisis de datos y ciberseguridad
Published Date
2016
Publisher
Oxford Academic
Keywords
Secure Shell Protocol
SSH
Honeynet
Intrusion Detection
Classifier
Ensemble
Cross-Validation
Abstract
The Secure Shell Protocol (SSH) is a well-known standard protocol, mainly used for remotely accessing shell accounts on Unix-like operating systems to perform administrative tasks. As a result, the SS ... [+]
The Secure Shell Protocol (SSH) is a well-known standard protocol, mainly used for remotely accessing shell accounts on Unix-like operating systems to perform administrative tasks. As a result, the SSH service has been an appealing target for attackers, aiming to guess root passwords performing dictionary attacks or to directly exploit the service itself. To identify such situations, this article addresses the detection of SSH anomalous connections from an intrusion detection perspective. The main idea is to compare several strategies and approaches for a better detection of SSH-based attacks. To test the classification performance of different classifiers and combinations of them, SSH data coming from a real-world honeynet are gathered and analysed. For comparison purposes and to draw conclusions about data collection, both packet-based and flow data are analysed. A wide range of classifiers and ensembles are applied to these data, as well as different validation schemes for better analysis of the obtained results. The high-rate classification results lead to positive conclusions about the identification of malicious SSH connections. [-]
URI
http://hdl.handle.net/20.500.11984/5583
Publisher’s version
https://doi.org/10.1093/jigpal/jzv047
ISSN
1367-0751
Published at
Logic Journal of the IGPL  Vol. 24. Nº 1. Pp. 104–114. February, 2016
Document type
Article
Version
Postprint – Accepted Manuscript
Rights
© Oxford Academic 2016
Access
Open Access
Collections
  • Articles - Engineering [309]

Browse

All of eBiltegiaCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsResearch groupsPublished atThis CollectionBy Issue DateAuthorsTitlesSubjectsResearch groupsPublished at

My Account

LoginRegister

Statistics

View Usage Statistics

Harvested by:

OpenAIREBASE

Validated by:

OpenAIRERebiun
MONDRAGON UNIBERTSITATEA | Library
Contact Us | Send Feedback
DSpace
 

 

Harvested by:

OpenAIREBASE

Validated by:

OpenAIRERebiun
MONDRAGON UNIBERTSITATEA | Library
Contact Us | Send Feedback
DSpace