Attackers' Profiling Based on Multi-Attack Patterns in SSH Service

Published: 01 Jan 2025, Last Modified: 16 May 2025, ICISSP (2) 2025, CC BY-SA 4.0
Abstract: In the realm of cyber security, profiling attackers’ behaviors provides critical insights that can enhance defensive strategies and improve the security of network services. This paper introduces a methodology for profiling attackers through the analysis of multi-attack patterns on Secure Shell (SSH) services. We develop a comprehensive framework that utilizes both predefined rule-based techniques and advanced machine learning techniques to classify attack types and link them to specific attacker profiles. By analyzing logs from SSH services that comprise various SSH attack incidents, we identify common and distinct behavioral patterns that help in predicting future attacks and identifying the likely attributes of attackers. Our attacker profiling system addresses the five key ‘wh’ questions: who is causing the attack, when the attack occurred, how the attack was executed, from where the attack originated, and what type of attack was carried out. The results demonstrate that our appro