Detection and prevention of username enumeration attack on SSH protocol: machine learning approach
A Dissertation Submitted in Partial Fulfillment of the Requirement for the Degree of Master's in Information System and Network Security of the Nelson Mandela African Institution of Science and Technology

Over the last two decades (2000–2020), the Internet has rapidly evolved, resulting in symmetrical and asymmetrical Internet consumption patterns and billions of users worldwide. With the immense rise of the Internet, attacks and malicious behaviors pose a huge threat to our computing environment. The brute-force attack is among the most prominent and commonly used attacks; it is carried out using password-attack tools, a wordlist dictionary, and a list of usernames obtained through a so-called enumeration attack. In this study, we investigate username enumeration attack detection on the SSH protocol using machine-learning classifiers. We apply four asymmetrical classifiers to our generated dataset, collected from a closed-environment network, to build machine-learning-based models for attack detection. The use of several machine learners offers a wider investigation spectrum of the classifiers' ability in attack detection. Additionally, we investigate how beneficial it is to include or exclude network port information as a feature set in the learning process. We evaluated and compared the performance of the machine-learning models for both cases. The models used are k-nearest neighbor (KNN), naïve Bayes (NB), random forest (RF) and decision tree (DT), with and without port information. Our results show that machine-learning approaches to detecting SSH username enumeration attacks were quite successful, with KNN achieving an accuracy of 99.93%, NB 95.70%, RF 99.92%, and DT 99.88%. Furthermore, the results improved when port information was used. The best-performing model was then deployed into an intrusion detection and prevention system (IDS/IPS) to automatically detect and prevent username enumeration attacks. The study also recommends the use of deep learning in future studies.
Attack detection techniques in a SIEM (Security Information and Event Management) system
Technological advances have produced an almost entirely globalized world. New inventions appear at a speed that has revolutionized people's pace of life. Information has become a very useful and valuable resource, which has made protecting it a much-demanded job. Globalization and the Internet have kept people all around the world in contact with one another.
Because of this progress, cyber-attacks on networks have become a main objective for hackers who attempt to obtain people's credentials or deny the availability of network resources. Security Information and Event Management (SIEM) systems have become the main defense against those attacks. How to detect attacks and prepare procedures and algorithms to protect information is the objective of this work, which develops solutions by understanding the theory and systems behind every cyber-attack.