Conference papers

Refined Detection of SSH Brute-Force Attackers Using Machine Learning

Abstract: This paper presents a novel approach to detecting SSH brute-force (BF) attacks in high-speed networks. In contrast to host-based approaches, we focus on network traffic analysis to identify attackers. Recent papers describe how to detect BF attacks using pure NetFlow data. However, our evaluation shows that the current solution produces a significant number of false-positive (FP) results. To overcome the high FP rate, we propose a machine learning (ML) approach to detection using specially extended IP Flows. The contributions of this paper are a new dataset from a real environment, an experimentally selected ML method that performs with high accuracy and a low FP rate, and an architecture for the detection system. The dataset for training was created using extensive evaluation of captured real traffic, manually prepared legitimate SSH traffic with characteristics similar to BF attacks, and, finally, a packet trace with SSH logs from real production servers.
Document type: Conference papers
Submitted on: Monday, November 22, 2021 - 3:31:11 PM
Last modification on: Monday, November 22, 2021 - 4:37:56 PM
Long-term archiving on: Wednesday, February 23, 2022 - 7:56:04 PM




Distributed under a Creative Commons Attribution 4.0 International License




Karel Hynek, Tomáš Beneš, Tomáš Čejka, Hana Kubátová. Refined Detection of SSH Brute-Force Attackers Using Machine Learning. 35th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2020, Maribor, Slovenia. pp. 49-63, ⟨10.1007/978-3-030-58201-2_4⟩. ⟨hal-03440815⟩