A Streaming Statistical Algorithm for Detection of SSH Keystroke Packets in TCP Connections

Guha, Saptarshi; Kidwell, Paul; Barthur, Ashrith; Cleveland, William S.; Gerth, John; Bullard, Carter

doi:10.1287/ics.2011.0036

Cited by 5 publications

(4 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, Goyal et al (Goyal et al, 2006) improved an authentication protocol by adding fast one-way hash functions and challenge-response exchanges, and the protocol j o u r n a l o f i n f o r m a t i o n s e c u r i t y a n d a p p l i c a t i o n s x x x ( 2 0 1 4 ) 1 e1 1 was easy to implement without any infrastructural changes. Several sources (Guha et al, 2011;Song et al, 2001) estimated character strings entered by user's keystrokes. Here keystrokes were a part of typing in an SSH connection except its handshake; hence the algorithms were not applicable for detecting SSH dictionary attacks.…”

Section: Related Workmentioning

confidence: 99%

A flow-based detection method for stealthy dictionary attacks against Secure Shell

Satoh

Nakamura

Ikenaga

2015

Journal of Information Security and Applications

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

A flow-based detection method for stealthy dictionary attacks against Secure Shell

Satoh

Nakamura

Ikenaga

2015

Journal of Information Security and Applications

View full text Add to dashboard Cite

“…D&R procedures and the D&R computational environment will be illustrated here by our analyses of large complex packet‐level Internet traffic data for research in network performance and cyber security (Xi et al ; Guha et al ; Anderson et al ). Each Internet communication is a connection between two hosts (computers).…”

Section: Dandr Illustrated: Internet Packet‐level Trafficmentioning

confidence: 99%

“…We have developed D&R in conjunction with our own analyses of large complex data, especially Internet traffic datasets (Hafen et al ; Xi et al ; Guha et al ; Anderson et al ). We have succeeded in the above two goals.…”

Section: Introductionmentioning

confidence: 99%

Large complex data: divide and recombine (D&R) with RHIPE

Guha

Hafen

Rounds

et al. 2012

Stat

Self Cite

View full text Add to dashboard Cite

D&R is a new statistical approach to the analysis of large complex data. The data are divided into subsets. Computationally, each subset is a small dataset. Analytic methods are applied to each of the subsets, and the outputs of each method are recombined to form a result for the entire data. Computations can be run in parallel with no communication among them, making them embarrassingly parallel, the simplest possible parallel processing. Using D&R, a data analyst can apply almost any statistical or visualization method to large complex data. Direct application of most analytic methods to the entire data is either infeasible, or impractical. D&R enables deep analysis: comprehensive analysis, including visualization of the detailed data, that minimizes the risk of losing important information. One of our D&R research thrusts uses statistics to develop “best” division and recombination procedures for analytic methods. Another is a D&R computational environment that has two widely used components, R and Hadoop, and our RHIPE merger of them. Hadoop is a distributed database and parallel compute engine that executes the embarrassingly parallel D&R computations across a cluster. RHIPE allows analysis wholly from within R, making programming with the data very efficient. Copyright © 2012 John Wiley & Sons, Ltd.

show abstract

“…We have employed the principles behind Trelliscope in many projects [12,22]. Here, we discuss three recent projects that have made direct use of the Trelliscope implementation.…”

Section: Applicationsmentioning

confidence: 99%

Trelliscope: A System for Detailed Visualization in the Deep Analysis of Large Complex Data

Hafen¹,

Gosink²,

McDermott³

et al. 2013

Self Cite

View full text Add to dashboard Cite

Figure 1: Screenshot of the Trelliscope viewer showing a display created during analysis of high intensity physics data. In the configuration shown, 6 panels are displayed per screen, which are sorted and filtered according the parameters specified in the cognostics pane. ABSTRACTTrelliscope emanates from the Trellis Display framework for visualization and the Divide and Recombine (D&R) approach to analyzing large complex data. In Trellis, the data are broken up into subsets, a visualization method is applied to each subset, and the display result is an array of panels, one per subset. This is a powerful framework for visualization of data, both small and large. In D&R, the data are broken up into subsets, and any analytic method from statistics and machine learning is applied to each subset independently. Then the outputs are recombined. This provides not only a powerful framework for analysis, but also feasible and practical computations using distributed computational facilities. It enables deep analysis of the data: study of both data summaries as well as the detailed data at their finest granularity. This is critical to full understanding of the data. It also enables the analyst to program using an interactive high-level language for data analysis such as R, which allows the analyst to focus more on the data and less on code. In this paper we introduce Trelliscope, a system that scales Trellis to large complex data. It provides a way to create displays with a very large number of panels and an interactive viewer that allows the analyst to sort, filter, and sample the panels in a meaningful way. We discuss the underlying principles, design, and scalable architecture of Trelliscope, and illustrate its use on three analysis projects in proteomics, high intensity physics, and power systems engineering.

show abstract

A Streaming Statistical Algorithm for Detection of SSH Keystroke Packets in TCP Connections

Cited by 5 publications

References 9 publications

A flow-based detection method for stealthy dictionary attacks against Secure Shell

A flow-based detection method for stealthy dictionary attacks against Secure Shell

Large complex data: divide and recombine (D&R) with RHIPE

Trelliscope: A System for Detailed Visualization in the Deep Analysis of Large Complex Data

Contact Info

Product

Resources

About