Detecting Brute Force Attacks on SSH and FTP Protocol Using Machine Learning: A Survey

Authors

  • Amer Ali Hamza College of Computer Science & Information Technology, University of Al-Qadisiyah, Al-Diwaniyah, Iraq
  • Jumma s urayh Al-Janabi College of Computer Science & Information Technology, University of Al-Qadisiyah, Al-Diwaniyah, Iraq

DOI:

https://doi.org/10.29304/jqcsm.2024.16.11432

Keywords:

attack detection, brute force attack, FTP, machine learning, SSH

Abstract

The significance of detecting network traffic anomalies in cybersecurity cannot be overstated, especially given the increasing frequency and complexity of computer network attacks. As new Internet-related technologies emerge, so do more intricate attacks. One particularly daunting challenge is represented by dictionary-based brute-force attacks, which require effective real-time detection and mitigation methods. In this paper, we investigate brute-force attack detection for Secure Shell or Secure Socket Shell (SSH), a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network, and for File Transfer Protocol (FTP), a standard network protocol used for the transfer of files from one host to another over a TCP-based network, such as the Internet. Our research focuses on using the machine learning approach to detect SSH and FTP brute-force attacks. Employing several classifiers makes possible a reasonably thorough investigation of machine learners' efficacy in identifying brute-force assaults on SSH and FTP. Brute-force assaults are a popular and risky method of obtaining usernames and passwords. Applying ethical hacking is an excellent technique to examine the effects of a brute-force assault. This article discusses many defense strategies and approaches to using brute-force assaults. The pros and cons of several defense strategies are enumerated, along with information on which kind of assault is easiest to identify. We made use of machine learning classifiers: Naive Bayes, Random Forest, and Logistic Regression. We determined that the Random Forest algorithm achieved the highest level with an accuracy the contribution lies in demonstrating the feasibility of training and evaluating basic Random Forest models with two independent variables to classify the CSE-CIC-IDS2018 dataset.

Published

2024-03-30

How to Cite

Ali Hamza, A., & urayh Al-Janabi, J. s. (2024). Detecting Brute Force Attacks on SSH and FTP Protocol Using Machine Learning: A Survey. Journal of Al-Qadisiyah for Computer Science and Mathematics, 16(1), Comp. 21–31. https://doi.org/10.29304/jqcsm.2024.16.11432

Section

Computer Articles