Brute-force Attacks Analysis against SSH in HPC Multi-user Service Environment
Background/Objectives: The brute-force attack is one of the popular cyber security threats in the secure shell (SSH) service environment. The SANS Institute has warned about SSH brute-force attacks against remote services. Methods/Statistical Analysis: We describe two brute-force attack detection methods that are applied in the High Performance Computing (HPC) service environment operated by KISTI in Korea. The first method parses the failed authentication logs of systems. The second method analyzes dropped events of network firewalls. Findings: We analyze the SSH brute-force attacks detected by applying these methods in our service environment. The analysis results show that SSH brute-force attacks are classified into ‘1:N’ or ‘N:1’ types of attack between source and destination IP addresses. The duration of an attack, which is generally the time it takes to execute the attack, is sufficiently long. Improvements/Applications: The two detection methods deployed in our HPC multi-user service environment are complementary to each other. These methods can also be applied to other service environments.
Keywords: Brute-force Attack, Cyber Attack Analysis, SSH, Supercomputer.
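The first detection method and the ‘1:N’ / ‘N:1’ classification described in the abstract can be sketched as follows. This is an added example, not code from the paper: it assumes OpenSSH "Failed password" lines collected on a central syslog host, uses the syslog hostname as the destination, reads ‘1:N’ as one source against many destinations and ‘N:1’ as many sources against one destination, and uses an illustrative threshold `min_peers`. The log lines are constructed.

```python
import re
from collections import defaultdict

# OpenSSH failed-password line as collected on a central syslog host; the
# syslog hostname field is used as the destination (assumption).
FAILED = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<dst>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<src>\S+) port \d+"
)

# Constructed sample log lines (documentation IP ranges, hypothetical hosts).
SAMPLE = """\
Jun 12 03:14:07 login01 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Jun 12 03:14:09 login02 sshd[1873]: Failed password for root from 203.0.113.5 port 40188 ssh2
Jun 12 03:14:12 login03 sshd[4410]: Failed password for root from 203.0.113.5 port 40231 ssh2
Jun 12 03:20:01 login04 sshd[901]: Failed password for root from 198.51.100.1 port 51000 ssh2
Jun 12 03:20:02 login04 sshd[902]: Failed password for root from 198.51.100.2 port 51001 ssh2
Jun 12 03:20:03 login04 sshd[903]: Failed password for root from 198.51.100.3 port 51002 ssh2
Jun 12 08:01:44 login01 sshd[2950]: Failed password for alice from 192.0.2.10 port 60222 ssh2
Jun 12 08:01:51 login01 sshd[2950]: Accepted password for alice from 192.0.2.10 port 60222 ssh2
""".splitlines()

def classify(lines, min_peers=3):
    """Group failed logins by source and by destination and label the type.

    min_peers is an illustrative threshold, not a value from the paper.
    """
    by_src, by_dst = defaultdict(set), defaultdict(set)
    for line in lines:
        m = FAILED.match(line)
        if m:  # successful logins and unrelated lines are ignored
            by_src[m["src"]].add(m["dst"])
            by_dst[m["dst"]].add(m["src"])
    # 1:N: one source failing against at least min_peers destinations.
    one_to_n = {s: sorted(d) for s, d in by_src.items() if len(d) >= min_peers}
    # N:1: one destination hit by at least min_peers sources; sources already
    # labelled 1:N are not counted again.
    n_to_one = {}
    for dst, srcs in by_dst.items():
        rest = sorted(srcs - set(one_to_n))
        if len(rest) >= min_peers:
            n_to_one[dst] = rest
    return {"1:N": one_to_n, "N:1": n_to_one}

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A single mistyped password, such as the `alice` line in the sample, stays below the threshold and is not reported.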
This work is licensed under a Creative Commons Attribution 3.0 License.