Abstract: Many network services (protocols such as SSH, Telnet, HTTP, and FTP) implement password-based authentication for accessing system resources. Malicious entities carry out password guessing attacks to exploit these services. Existing security tools detect aggressive password guessing attacks (i.e., a high number of login attempts in a short period of time). To evade detection, attackers guess logins slowly (for example, one login attempt every few minutes/hours/days). These are called stealthy password guessing attacks. They have caused damage to company servers and attempt to exploit vulnerable IoT devices. The current literature detects stealthy distributed password guessing attacks, but no attempt has been made to detect stealthy single-source password guessing attacks. The authors propose a cluster-based approach to handle this problem. The model uses a data set obtained from a honeypot system. The clusters are well-formed (high performance metric), validating the detection of these attacks.