Different approaches for the detection of SSH anomalous connections

Abstract: The Secure Shell Protocol (SSH) is a well-known standard protocol, mainly used for remotely accessing shell accounts on Unix-like operating systems to perform administrative tasks. As a result, the SSH service has been an appealing target for attackers, aiming to guess root passwords performing dictionary attacks or to directly exploit the service itself. To identify such situations, this article addresses the detection of SSH anomalous connections from an intrusion detection perspective. The main idea is to c… Show more

“…As it is a standard protocol for remote access on Unix and Linux servers, the SSH protocol is widely used for dictionary attacks to gain remote privileges to control vulnerable servers. This is what Gonzalez et al [23] claims in their experiment, where they tested different Ensemble methods (bagging, boosting, AdaBoost, MultiboostingAB, and Rotation Forest) to classify alerts from the Euskalert honeypot. The best results were with Bagging, where it was possible to measure a True Positive Rate of 99.93%.…”

A Comprehensive Survey on Ensemble Learning-Based Intrusion Detection Approaches in Computer Networks

“…As it is a standard protocol for remote access on Unix and Linux servers, the SSH protocol is widely used for dictionary attacks to gain remote privileges to control vulnerable servers. This is what Gonzalez et al [23] claims in their experiment, where they tested different Ensemble methods (bagging, boosting, AdaBoost, MultiboostingAB, and Rotation Forest) to classify alerts from the Euskalert honeypot. The best results were with Bagging, where it was possible to measure a True Positive Rate of 99.93%.…”

A Comprehensive Survey on Ensemble Learning-Based Intrusion Detection Approaches in Computer Networks