Identifying User Authentication Methods on Connections for SSH Dictionary Attack Detection

Author

Satoh, A. ; Nakamura, Yoshihiko ; Ikenaga, Takeshi

Author_Institution

Kyushu Inst. of Technol., Kitakyushu, Japan

fYear

2013

fDate

22-26 July 2013

Firstpage

593

Lastpage

598

Abstract

A dictionary attack against SSH is a common security threat. Many published ways rely on network traffic to detect SSH dictionary attacks. This is because the connections of remote login, file transfer, and TCP/IP forwarding are visibly distinct from those of the attacks. However these ways incorrectly consider the connections of automated tasks as those of the attacks because of the mutual similarities. In this paper, we propose a new approach to identify user authentication methods on SSH connections and to remove connections that employ non-keystroke based authentication. This approach rests on two perspectives: (1) an SSH dictionary attack targets a host that provides keystroke based authentication, (2) automated tasks through SSH need to support non-keystroke based authentication. Thus, our proposal contributes to improvement in the detection accuracy of SSH dictionary attacks.

Keywords

authorisation; computer network security; transport protocols; SSH connections; SSH dictionary attack detection; TCP-IP forwarding; file transfer; network traffic; nonkeystroke based authentication; remote login; security threat; user authentication methods; Accuracy; Authentication; Ciphers; Compression algorithms; Dictionaries; Protocols; Public key; Flow Analysis; Network Operation; SSH Dictionary Attack; User Authentication Method;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Software and Applications Conference Workshops (COMPSACW), 2013 IEEE 37th Annual

Conference_Location

Japan

Type

conf

DOI

10.1109/COMPSACW.2013.80

Filename

6605856