Abstract
Publicly shared hosts on the Internet appeal to well-behaving and mischievous clients in equal measure. Miscreants rapidly enumerate and attempt to capitalize on the hosts' open ports. Command-Line Interfaces (CLIs) in particular, such as Secure Shell (SSH), with their odds of yielding unlimited permissions on such hosts, lure culprits into conducting brute force attacks. Responsible personnel should not open SSH ports to the Internet unless unavoidable. If they are opened, installable precautions, like anti-hammering, Intrusion Detection Systems (IDSs), or Intrusion Prevention Systems (IPSs), simply offer protection together with a rash of descriptive attack statistics. Beyond that, pertinent research assists with qualitative pattern-based realtime risk monitoring of SSH brute force attacks. This disquisition appraises such offenses' danger more accurately than preceding methods with the support of a modified Bloom filter and attests the attained superiority over them.
Acknowledgments
Many thanks to Bettina Baumgartner from the University of Vienna for proofreading this paper!
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Fahrnberger, G. (2023). Bloom Filter-Based Realtime Risk Monitoring of SSH Brute Force Attacks. In: Krieger, U.R., Eichler, G., Erfurth, C., Fahrnberger, G. (eds) Innovations for Community Services. I4CS 2023. Communications in Computer and Information Science, vol 1876. Springer, Cham. https://doi.org/10.1007/978-3-031-40852-6_3
DOI: https://doi.org/10.1007/978-3-031-40852-6_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-40851-9
Online ISBN: 978-3-031-40852-6
eBook Packages: Computer Science (R0)