Date Thesis Awarded
5-2019
Access Type
Honors Thesis -- Access Restricted On-Campus Only
Degree Name
Bachelors of Science (BS)
Department
Computer Science
Advisor
James W. Deverick
Committee Members
James W. Deverick
Robert M. Lewis
Eric Walter
Abstract
SSH brute force attacks are a type of network attack in which an attacker tries to guess the username and password of a user on the Secure Shell protocol. This kind of attack is simple to perform, and the results from a successfully compromised system can lead to a number of destructive outcomes. Because of its simplicity and potential payout, large networks experience many instances of these attacks in their traffic, and current prevention methods rely heavily on per-machine logs that, in aggregate, take up a large amount of space. This paper explores the use of machine learning algorithms in detecting and preventing these kinds of attacks as an alternative to the firewall techniques used today. We use three different classifiers - naïve Bayes, K-nearest neighbors, and decision trees - on a publicly available dataset of labeled network flows to try to classify unknown network flows into benign and SSH brute force categories. Our results show that machine learning is very well suited for this task, with all of our classifiers having accuracy scores of over 85% in the classification of our test data.
Recommended Citation
Shmagin, Dmytro, "Utilizing Machine Learning Classifiers to Identify SSH Brute Force Attacks" (2019). Undergraduate Honors Theses. William & Mary. Paper 1416.
https://scholarworks.wm.edu/honorstheses/1416
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.