Abstract
Quite a number of cyber-attacks take place against supercomputers that provide high-performance computing (HPC) services to public researchers. In particular, although the secure shell protocol (SSH) brute-force attack is one of the traditional attack methods, it is still being used. Because stealth attacks that feign regular access may occur, they are even harder to detect. In this paper, we introduce methods to detect SSH brute-force attacks by analyzing the server’s unsuccessful access logs and the firewall’s drop events in a multi-user environment. Then, we analyze the durations of the SSH brute-force attacks that are detected by applying these methods. The results of an analysis of about 10 thousand attack source IP addresses show that the behaviors of abnormal users using SSH brute-force attacks are based on human dynamic characteristics of a typical heavy-tailed distribution.
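As an added illustration (not code from the paper or its authors), the sketch below shows one way a defender could derive per-source attack durations from unsuccessful SSH logins and then check the tail of those durations with the standard continuous power-law maximum-likelihood estimator. The log line layout, the `min_failures` and `max_gap_s` thresholds, the function names and the choice of a power-law fit are all assumptions made for this example; the abstract does not state the paper's own parameters.

```python
import math, re
from collections import defaultdict
from datetime import datetime

# Constructed sample: ISO timestamp + OpenSSH message text, documentation-range IPs.
FMT = "2016-03-01T{} sshd[811]: Failed password for {} from {} port 40112 ssh2"
SAMPLE_LOG = "\n".join(
    [FMT.format(f"02:00:{s:02d}", "root", "203.0.113.7") for s in range(0, 60, 10)]
    + [FMT.format(f"03:3{m}:00", "invalid user admin", "203.0.113.7") for m in range(5)]
    + [FMT.format(f"02:05:{s}", "alice", "198.51.100.9") for s in (10, 25)])

FAILED = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def attack_durations(log_text, min_failures=5, max_gap_s=600):
    """Map source IP -> durations (s) of bursts with >= min_failures failed logins.
    A burst closes when consecutive failures are more than max_gap_s apart."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            events[m.group(2)].append(datetime.fromisoformat(m.group(1)))
    result = {}
    for ip, times in events.items():
        times.sort()
        bursts, start, prev, count = [], times[0], times[0], 1
        for t in times[1:]:
            if (t - prev).total_seconds() > max_gap_s:
                if count >= min_failures:  # close the previous burst
                    bursts.append((prev - start).total_seconds())
                start, count = t, 0
            prev, count = t, count + 1
        if count >= min_failures:  # close the final burst
            bursts.append((prev - start).total_seconds())
        if bursts:
            result[ip] = bursts
    return result

def powerlaw_alpha(durations, xmin):
    """Continuous power-law MLE for the tail x >= xmin:
    alpha = 1 + n / sum(ln(x / xmin))."""
    tail = [x for x in durations if x >= xmin]
    log_sum = sum(math.log(x / xmin) for x in tail)
    if log_sum <= 0:
        raise ValueError("need tail values above xmin to estimate alpha")
    return 1.0 + len(tail) / log_sum

if __name__ == "__main__":
    print(attack_durations(SAMPLE_LOG))
```

The two mistyped logins from 198.51.100.9 stay below the failure threshold and are not reported, which is the multi-user false-positive case a fixed threshold has to tolerate.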
Cite this article
Lee, JK., Kim, SJ., Park, C.Y. et al. Heavy-tailed distribution of the SSH Brute-force attack duration in a multi-user environment. Journal of the Korean Physical Society 69, 253–258 (2016). https://doi.org/10.3938/jkps.69.253
DOI: https://doi.org/10.3938/jkps.69.253