Heavy-tailed distribution of the SSH Brute-force attack duration in a multi-user environment

Journal of the Korean Physical Society

Abstract

Quite a number of cyber-attacks take place against supercomputers that provide high-performance computing (HPC) services to public researchers. In particular, although the secure shell protocol (SSH) brute-force attack is one of the traditional attack methods, it is still being used. Because stealth attacks that feign regular access may occur, they are even harder to detect. In this paper, we introduce methods to detect SSH brute-force attacks by analyzing the server’s unsuccessful access logs and the firewall’s drop events in a multi-user environment. Then, we analyze the durations of the SSH brute-force attacks that are detected by applying these methods. The results of an analysis of about 10 thousand attack source IP addresses show that the behaviors of abnormal users using SSH brute-force attacks are based on human dynamic characteristics of a typical heavy-tailed distribution.

Author information

Corresponding author

Correspondence to Jae-Kook Lee.

Cite this article

Lee, JK., Kim, SJ., Park, C.Y. et al. Heavy-tailed distribution of the SSH Brute-force attack duration in a multi-user environment. Journal of the Korean Physical Society 69, 253–258 (2016). https://doi.org/10.3938/jkps.69.253

  • DOI: https://doi.org/10.3938/jkps.69.253
