Utilizing Machine Learning Classifiers to Identify SSH Brute Force Attacks
Shmagin, Dmytro
Abstract
SSH brute force attacks are a type of network attack in which an attacker tries to guess the username and password of a user over the Secure Shell protocol. This kind of attack is simple to perform, and a successfully compromised system can lead to a number of destructive outcomes. Because of its simplicity and potential payout, large networks experience many instances of these attacks in their traffic, and current prevention methods rely heavily on per-machine logs that, in aggregate, take up a large amount of space. This paper explores the use of machine learning algorithms in detecting and preventing these kinds of attacks as an alternative to the firewall techniques used today. We use three different classifiers - naïve Bayes, K-nearest neighbors, and decision trees - on a publicly available dataset of labeled network flows to try to classify unknown network flows into benign and SSH brute force categories. Our results show that machine learning is very well suited for this task, with all of our classifiers having accuracy scores of over 85% in the classification of our test data.
Date
2019-05-01
Department
Computer Science
