Title
Different approaches for the detection of SSH anomalous connections
Institution
Instituto Tecnológico de Castilla y León
https://ror.org/049da5t36
https://ror.org/02f40zc51
Version
http://purl.org/coar/version/c_ab4af688f83e57aa
Rights
© Oxford Academic 2016
Access
http://purl.org/coar/access_right/c_abf2
Publisher’s version
https://doi.org/10.1093/jigpal/jzv047
Published at
Logic Journal of the IGPL Vol. 24. Nº 1. Pp. 104–114. February, 2016
First page
104
Last page
114
Publisher
Oxford Academic
Keywords
Secure Shell Protocol
SSH
Honeynet
Intrusion Detection
Classifier
Ensemble
Cross-Validation
Abstract
The Secure Shell Protocol (SSH) is a well-known standard protocol, mainly used for remotely accessing shell accounts on Unix-like operating systems to perform administrative tasks. As a result, the SSH service has been an appealing target for attackers, aiming to guess root passwords performing dictionary attacks or to directly exploit the service itself. To identify such situations, this article addresses the detection of SSH anomalous connections from an intrusion detection perspective. The main idea is to compare several strategies and approaches for a better detection of SSH-based attacks. To test the classification performance of different classifiers and combinations of them, SSH data coming from a real-world honeynet are gathered and analysed. For comparison purposes and to draw conclusions about data collection, both packet-based and flow data are analysed. A wide range of classifiers and ensembles are applied to these data, as well as different validation schemes for better analysis of the obtained results. The high-rate classification results lead to positive conclusions about the identification of malicious SSH connections.
Collections
- Articles - Engineering [683]