Please use this identifier to cite or link to this item: https://dspace.iiti.ac.in/handle/123456789/11029
Title: Secure Socket Shell Bruteforce Attack Detection with Petri Net Modeling
Authors: Tiwari, Namrata; Hubballi, Neminath
Keywords: Feature extraction; Internet protocols; Network security; Petri nets; Attack detection; Bruteforcing; Features extraction; IP-network; Password; Petri net models; Remote users; Secure socket shell; Secure sockets; Socket; Authentication
Issue Date: 2022
Publisher: Institute of Electrical and Electronics Engineers Inc.
Citation: Tiwari, N., & Hubballi, N. (2022). Secure socket shell bruteforce attack detection with petri net modeling. IEEE Transactions on Network and Service Management, , 1-1. doi:10.1109/TNSM.2022.3212591
Abstract: Secure Socket Shell exposes a secure interface for login to remote users. Password based authentication mechanism used by remote users is vulnerable to bruteforcing. In this attack an adversary systematically tries many passwords. These attacks can either be generated from a single source or collectively from a set of sources. In this paper we propose a method to detect such bruteforcing attacks and subsequently classify these attempts into three types as originating from single source, single domain and distributed attacks. We develop Petri-Net based model which identifies SSH connections corresponding to failed login attempts using network flow characteristics. The model also keeps track of sources of failed login attempts using which it subsequently labels a time interval as experiencing bruteforcing or not and if the interval is experiencing bruteforcing which type of attack it is. We experiment with network traffic collected from a production level server and also generated within a testbed setup and show that our model can detect attacks and also classify them. We also experiment with stealth attack variant where attacker keeps a low profile of attacks and suggest methods to handle such attack instances.
URI: https://doi.org/10.1109/TNSM.2022.3212591
https://dspace.iiti.ac.in/handle/123456789/11029
ISSN: 1932-4537
Type of Material: Journal Article
Appears in Collections: Department of Computer Science and Engineering

Files in This Item:
There are no files associated with this item.


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.
