Open Access iconOpen Access

ARTICLE

crossmark

Network Log-Based SSH Brute-Force Attack Detection Model

by Jeonghoon Park1, Jinsu Kim1, B. B. Gupta2, Namje Park1,*

1 Department of Convergence Information Security, Graduate School, Jeju National University, Jeju, 63243, Korea
2 Department of Computer Engineering, National Institute of Technology Kurukshetra, Kurukshetra, 136119, India

* Corresponding Author: Namje Park. Email: email

(This article belongs to the Special Issue: Management of Security, Privacy and Trust of Multimedia Data in Mobile devices communication)

Computers, Materials & Continua 2021, 68(1), 887-901. https://doi.org/10.32604/cmc.2021.015172

Abstract

The rapid advancement of IT technology has enabled the quick discovery, sharing and collection of quality information, but has also increased cyberattacks at a fast pace at the same time. There exists no means to block these cyberattacks completely, and all security policies need to consider the possibility of external attacks. Therefore, it is crucial to reduce external attacks through preventative measures. In general, since routers located in the upper part of a firewall can hardly be protected by security systems, they are exposed to numerous unblocked cyberattacks. Routers block unnecessary services and accept necessary ones while taking appropriate measures to reduce vulnerability, block unauthorized access, and generate relevant logs. Most logs created through unauthorized access are caused by SSH brute-force attacks, and therefore IP data of the attack can be collected through the logs. This paper proposes a model to detect SSH brute-force attacks through their logs, collect their IP address, and control access from that IP address. In this paper, we present a model that extracts and fragments the specific data required from the packets of collected routers in order to detect indiscriminate SSH input attacks. To do so, the model multiplies a user’s access records in each packet by weights and adds them to the blacklist according to a final calculated result value. In addition, the model can specify the internal IP of an attack attempt and defend against the first 29 destination IP addresses attempting the attack.

Keywords


Cite This Article

APA Style
Park, J., Kim, J., Gupta, B.B., Park, N. (2021). Network log-based SSH brute-force attack detection model. Computers, Materials & Continua, 68(1), 887-901. https://doi.org/10.32604/cmc.2021.015172
Vancouver Style
Park J, Kim J, Gupta BB, Park N. Network log-based SSH brute-force attack detection model. Comput Mater Contin. 2021;68(1):887-901 https://doi.org/10.32604/cmc.2021.015172
IEEE Style
J. Park, J. Kim, B. B. Gupta, and N. Park, “Network Log-Based SSH Brute-Force Attack Detection Model,” Comput. Mater. Contin., vol. 68, no. 1, pp. 887-901, 2021. https://doi.org/10.32604/cmc.2021.015172

Citations




cc Copyright © 2021 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 4703

    View

  • 2451

    Download

  • 0

    Like

Share Link