Abstract
Due to the increase in the number of network attacks, it has become essential to gain deeper insight into the malicious activities carried out by attackers. In this paper, the authors analyse malicious network traffic captured using a honeynet and provide a deeper understanding of brute-force attacks. First, the overall attack behaviour is characterised. Since SSH was the most attacked service, it was scrutinised to learn more about distributed brute-force attacks. It is highly unlikely that the distributed brute-force attacks originate from a single botnet. The authors propose a methodology to detect individual botnets from a set of password-guessing attacks.
Copyright information
© 2018 Springer Nature Singapore Pte Ltd.
About this chapter
Cite this chapter
Sadasivam, G.K., Hota, C., Anand, B. (2018). Honeynet Data Analysis and Distributed SSH Brute-Force Attacks. In: Chakraverty, S., Goel, A., Misra, S. (eds) Towards Extensible and Adaptable Methods in Computing. Springer, Singapore. https://doi.org/10.1007/978-981-13-2348-5_9
DOI: https://doi.org/10.1007/978-981-13-2348-5_9
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-2347-8
Online ISBN: 978-981-13-2348-5
eBook Packages: Computer Science, Computer Science (R0)