Authors: H. Studiawan, B. Pratomo, R. Anggoro
Venue: 2016 International Conference on Information & Communication Technology and Systems (ICTS)
DOI: 10.1109/ICTS.2016.7910269 (https://doi.org/10.1109/ICTS.2016.7910269)
Source platform: Semanticscholar. Citation count: 5.
Clustering of SSH brute-force attack logs using k-clique percolation
Brute-force attacks on the SSH service still persist in server environments. Existing methods have not applied graph theory to analyze the authentication log that records this attack. Therefore, we model the log as a graph and propose k-clique percolation to cluster the auth.log file, to assist system administrators in inspecting this incident. K-clique percolation has been proven in the clustering of biological networks, and we will deploy it to this problem. We then provide a mechanism for edge removal to separate the generated clusters and make the clustering outputs clear. The experimental results show that this approach is appropriate for clustering raw logs of SSH brute-force attacks.