Bloom Filter-Based Realtime Risk Monitoring of SSH Brute Force Attacks

  • Conference paper
Innovations for Community Services (I4CS 2023)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1876)

Abstract

Publicly shared hosts on the Internet appeal to well-behaving and mischievous clients in equal measure. Miscreants rapidly enumerate the hosts' open ports and attempt to capitalize on them. Command-Line Interfaces (CLIs) in particular, such as Secure Shell (SSH), which hold out the prospect of unlimited permissions on such hosts, lure culprits into conducting brute force attacks. Responsible personnel should not open SSH ports to the Internet unless it is unavoidable. If they are opened, installable precautions, like anti-hammering, Intrusion Detection Systems (IDSs), or Intrusion Prevention Systems (IPSs), merely offer protection together with a rash of descriptive attack statistics. Beyond that, pertinent research assists with qualitative pattern-based realtime risk monitoring of SSH brute force attacks. This paper appraises the danger of such offenses more accurately than preceding methods with the support of a modified Bloom filter and demonstrates the attained superiority over them.


Acknowledgments

Many thanks to Bettina Baumgartner from the University of Vienna for proofreading this paper!

Author information

Correspondence to Günter Fahrnberger.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Fahrnberger, G. (2023). Bloom Filter-Based Realtime Risk Monitoring of SSH Brute Force Attacks. In: Krieger, U.R., Eichler, G., Erfurth, C., Fahrnberger, G. (eds) Innovations for Community Services. I4CS 2023. Communications in Computer and Information Science, vol 1876. Springer, Cham. https://doi.org/10.1007/978-3-031-40852-6_3

  • DOI: https://doi.org/10.1007/978-3-031-40852-6_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-40851-9

  • Online ISBN: 978-3-031-40852-6

  • eBook Packages: Computer Science (R0)
