Title :
Identifying User Authentication Methods on Connections for SSH Dictionary Attack Detection
Author :
Satoh, A. ; Nakamura, Yoshihiko ; Ikenaga, Takeshi
Author_Institution :
Kyushu Inst. of Technol., Kitakyushu, Japan
Abstract :
A dictionary attack against SSH is a common security threat. Many published ways rely on network traffic to detect SSH dictionary attacks. This is because the connections of remote login, file transfer, and TCP/IP forwarding are visibly distinct from those of the attacks. However these ways incorrectly consider the connections of automated tasks as those of the attacks because of the mutual similarities. In this paper, we propose a new approach to identify user authentication methods on SSH connections and to remove connections that employ non-keystroke based authentication. This approach rests on two perspectives: (1) an SSH dictionary attack targets a host that provides keystroke based authentication, (2) automated tasks through SSH need to support non-keystroke based authentication. Thus, our proposal contributes to improvement in the detection accuracy of SSH dictionary attacks.
Keywords :
authorisation; computer network security; transport protocols; SSH connections; SSH dictionary attack detection; TCP-IP forwarding; file transfer; network traffic; nonkeystroke based authentication; remote login; security threat; user authentication methods; Accuracy; Authentication; Ciphers; Compression algorithms; Dictionaries; Protocols; Public key; Flow Analysis; Network Operation; SSH Dictionary Attack; User Authentication Method;
Conference_Titel :
Computer Software and Applications Conference Workshops (COMPSACW), 2013 IEEE 37th Annual
Conference_Location :
Japan
DOI :
10.1109/COMPSACW.2013.80
