101 research outputs found

    Finding evidence of wordlists being deployed against SSH Honeypots - implications and impacts

    This paper is an investigation focusing on activities detected by three SSH honeypots that utilise Kippo honeypot software. The honeypots were located on the same /24 IPv4 network and configured as identically as possible. The honeypots used the same base software and hardware configurations. The data from the honeypots were collected between 17th July 2012 and 26th November 2013, a total of 497 active day periods. The analysis in this paper focuses on the techniques used to attempt to gain access to these systems by attacking entities. Although all three honeypots have the same configuration settings and are located on the same IPv4 /24 subnetwork space, there is a variation between the numbers of activities recorded on each honeypot. Automated password guessing using wordlists is one technique employed by cyber criminals in attempts to gain access to devices on the Internet. The research suggests there is wide use of automated password tools and wordlists in attempts to gain access to the SSH honeypots; there is also a wide range of account types being probed

    Extraction of patterns in selected network traffic for a precise and efficient intrusion detection approach

    This thesis investigates a precise and efficient pattern-based intrusion detection approach by extracting patterns from sequential adversarial commands. As organisations are further placing assets within the cyber domain, mitigating the potential exposure of these assets is becoming increasingly imperative. Machine learning is the application of learning algorithms to extract knowledge from data to determine patterns between data points and make predictions. Machine learning algorithms have been used to extract patterns from sequences of commands to precisely and efficiently detect adversaries using the Secure Shell (SSH) protocol. Seeing as SSH is one of the most predominant methods of accessing systems, it is also a prime target for cyber criminal activities. For this study, deep packet inspection was applied to data acquired from three medium interaction honeypots emulating the SSH service. Feature selection was used to enhance the performance of the selected machine learning algorithms. A pre-processing procedure was developed to organise the acquired datasets to present the sequences of adversary commands per unique SSH session. The pre-processing phase also included generating a reduced version of each dataset that evenly and coherently represents their respective full dataset. This study focused on whether the machine learning algorithms can extract more precise patterns efficiently from the reduced sequence of commands datasets compared to their respective full datasets, since a reduced sequence of commands dataset requires less storage space compared to the relative full dataset. Machine learning algorithms selected for this study were the Naïve Bayes, Markov chain, Apriori and Eclat algorithms. The results show the machine learning algorithms applied to the reduced datasets could extract additional patterns that are more precise, compared to their respective full datasets. It was also determined the Naïve Bayes and Markov chain algorithms are more efficient at processing the reduced datasets compared to their respective full datasets. The best performing algorithm was the Markov chain algorithm at extracting more precise patterns efficiently from the reduced datasets. The greatest improvement in processing a reduced dataset was 97.711%. This study has contributed to the domain of pattern-based intrusion detection by providing an approach that can precisely and efficiently detect adversaries utilising SSH communications to gain unauthorised access to a system

    Microstructure and mechanical behavior of metastable beta type titanium alloys

    Current biomaterials such as stainless steel, Co-Cr alloys, commercially pure titanium and Ti-6Al-4V either possess poor mechanical compatibility and/or produce toxic effects in the human body after several years of usage. Consequently, there is an enormous demand for long-lasting biomaterials which provide a better combination of mechanical, corrosion and biological properties. In addition to this, alloys used in high-strength applications possess either high-strength or large plasticity. However, a high-strength alloy should possess a better blend of both strength and plasticity when used in high-strength applications. Metastable β-titanium alloys are the best suited alloys for biomedical and high-strength applications because they demonstrate a wide range of superior mechanical, corrosion and biological properties. In this PhD study, the Ti-27Nb-7Fe-xCr (x = 0, 2, 4, 6, 8 wt%) alloys using inexpensive elements (Fe, Mn, Cr etc.) have been designed to check their suitability for biomedical applications, whereas the Ti-33Zr-xFe-yCr (x = 3, 5, 7 and y = 2, 4 wt%), Ti-35Zr-5Fe-xMn (x = 0, 2, 4, 6, 8 wt%) and Ti-xZr-7Fe-ySn (x = 25, 30, 35 and y = 2, 4 wt%) alloys have been designed to check their suitability for high-strength applications. Later, all the investigated alloys have been cast using a cold crucible levitation melting technique. In the Ti-27Nb-7Fe-xCr alloys, only 2 wt% quantity of Cr is enough to retain a single β phase. Young’s moduli of the Ti-27Nb-7Fe-xCr alloys decrease from 116 GPa (in Ti-27Nb-7Fe) to 72 GPa (in Ti-27Nb-7Fe-8Cr) as the β stability improves. The Ti-33Zr-xFe-yCr alloys, except Ti-33Zr-3Fe-2Cr alloy, demonstrate a C15 type Laves phase and a dominating β phase. Moreover, the Ti-35Zr-5Fe-xMn and Ti-xZr-7Fe-ySn alloys show C14 type Laves and β phases. It is quite interesting to investigate the deformation and strength characteristics of hexagonal close-packed C14 and face-centered cubic C15 type Laves phases in the soft β matrix. Therefore, the deformation and strength characteristics of C14 phase in Ti-35Zr-5Fe-6Mn and C15 phase in Ti-33Zr-7Fe-4Cr, considering the same volume fraction of Laves phase (~7.0%) have been evaluated and compared using a micro-indentation method. Remarkably, dislocation activity and plastic deformation features are evident in the C15 phase, whereas the C14 phase strongly blocks dislocation motion. The Ti-33Zr-xFe-yCr, Ti-35Zr-5Fe-xMn and Ti-xZr-7Fe-ySn alloys, designed for high-strength applications, demonstrate yield strength from 1048 to 1580 MPa, ultimate compressive strength from 1498 to 2140 MPa and plastic strain from 2.6 to 33.6%. Further, the appropriate variation in the volume fraction of Laves phase helps in achieving an improved trade-off between strength and plasticity. Moreover, fracture analyses have also been executed for the Ti-33Zr-xFe-yCr, Ti-35Zr-5Fe-xMn and Ti-xZr-7Fe-ySn alloys. It has been found that the crack propagates along the corresponding Laves phase present in these alloys. The results of the investigated alloys suggest that Ti-27Nb-7Fe-8Cr is suitable for biomedical applications, whereas Ti-33Zr-7Fe-4Cr, Ti-35Zr-5Fe-8Mn and Ti-35Zr-7Fe-2Sn are suitable for high-strength structural applications. This research is useful to understand the microstructure, mechanical and fracture behavior of titanium alloys used in industries such as biomedical, aerospace, automobile etc

    Analysis into developing accurate and efficient intrusion detection approaches

    Cyber-security has become more prevalent as more organisations are relying on cyber-enabled infrastructures to conduct their daily activities. Subsequently, cybercrime and cyber-attacks are increasing. An Intrusion Detection System (IDS) is a cyber-security tool that is used to mitigate cyber-attacks. An IDS is a system deployed to monitor network traffic and trigger an alert when unauthorised activity has been detected. It is important for IDSs to accurately identify cyber-attacks against assets on cyber-enabled infrastructures, while also being efficient at processing current and predicted network traffic flows. The purpose of the paper is to outline the importance of developing an accurate and effective intrusion detection approach that can be deployed on an IDS. Further research aims to develop a hybrid data mining intrusion detection approach that uses Decision Tree classifications and Association Rules to extract rules using the classified data

    A profile of prolonged, persistent SSH attack on a Kippo Based Honeynet

    This paper is an investigation focusing on activities detected by SSH honeypots that utilised Kippo honeypot software. The honeypots were located across a variety of geographical locations and operational platforms. The honeynet has suffered prolonged and persistent attack from a /24 network which appears to be of Chinese geographical origin. In addition to these attacks, other attackers have been successful in compromising real hosts in a wide range of other countries that were subsequently involved in attacking the honeypot machines in the honeynet

    Patterns and Patter - An Investigation into SSH Activity Using Kippo Honeypots

    This is an investigation of the activity detected on three honeypots that utilise the Kippo SSH honeypot system on VPS servers all on the same C class address. The systems ran on identical software bases and hardware configurations. The results are over the period 21st March 2013 until Tuesday 04 June 2013. The initial analysis covered in this paper examines behaviours and patterns detected of the attacking entities. The attack patterns were not consistent and there was large disparity in numbers and magnitude of attacks on all hosts. Some of these issues are explored in the paper

    Antifungal activity of essential oils against Fluconazole resistant fungi

    Pathogenic fungi like Candida albicans, Candida tropicalis and Trichophyton mentagrophytes are commonly encountered strains associated with a wide range of conditions including scalp infection, oral thrush, skin infection, and vaginal thrush. Unlike bacterial pathogens, fungal pathogens are difficult to control. Fluconazole is a commonly administered antifungal drug. The medical fraternity has been reporting an alarming increase in the development of resistance observed amongst fungal strains to Fluconazole. The present study involves screening of essential oils for their antifungal activity against Fluconazole resistant fungi. Essential oils of Black pepper, Cardamom, Cumin, Boswellia and Patchouli were selected for the study. The results indicated that all the oils inhibited fungal strains in varying degrees of dilutions. Essential oil of Boswellia was found to be the most effective in antifungal activity against Candida tropicalis and essential oil of Cardamom against Trichophyton mentagrophytes. To assess the effect of combination of essential oils with Fluconazole, synergistic action was also studied. The results indicated that essential oil of Boswellia and Fluconazole in combination acted as the most powerful antifungal agent against Candida tropicalis even at 1:10 dilution and 100 μg/ml respectively. These results lead us to believe that active components present in essential oils should be a focus area of future in vivo research, especially in conjunction with existing antifungal drugs. The molecular mechanisms, mode of action, stability, toxicity, and efficacy of the active components isolated from essential oils need to be further studied and evaluated

    Invited Paper - A Profile of Prolonged, Persistent SSH Attack on a Kippo Based Honeynet

    This paper is an investigation focusing on activities detected by SSH honeypots that utilised Kippo honeypot software. The honeypots were located across a variety of geographical locations and operational platforms. The honeynet has suffered prolonged and persistent attack from a /24 network which appears to be of Chinese geographical origin. In addition to these attacks, other attackers have been successful in compromising real hosts in a wide range of other countries that were subsequently involved in attacking the honeypot machines in the honeynet. Keywords: Cyber Security, SSH, Secure Shell, Honeypots, Kipp

    Patterns and patter - An investigation into SSH activity using Kippo Honeypots

    This is an investigation of the activity detected on three honeypots that utilise the Kippo SSH honeypot system on VPS servers all on the same C class address. The systems ran on identical software bases and hardware configurations. The results are over the period 21st March 2013 until Tuesday 04 June 2013. The initial analysis covered in this paper examines behaviours and patterns detected of the attacking entities. The attack patterns were not consistent and there was large disparity in numbers and magnitude of attacks on all hosts. Some of these issues are explored in the paper