Indian Journal of Science and Technology

Open Access Open Access  Restricted Access Subscription Access

Brute-force Attacks Analysis against SSH in HPC Multi-user Service Environment


Affiliations
1 Department of Supercomputing Infrastructure, KISTI, Korea, Democratic People's Republic of
2 Department of Supercomputing Infrastructure, KISTI, KOREA
 

Background/Objectives: The brute-force attack is one of popular cyber security threats in the secure shell (SSH) service environment. The SANS Institute has warned about SSH brute-force attacks against remote services. Methods/Statistical Analysis: We describe two brute-force attack detection methods are applied in the High Performance Computing (HPC) service environment which has been operated by KISTI in KOREA. The first way parses failed authentication logs of systems. The second way analyze dropped events of network firewalls. Findings: We analyze SSH brute-force attacks that are detected applying these methods in our service environment. The analysis results show that SSH brute-force attacks are classified ‘1:N’ or ‘N:1’ types of attack between source and destination IP address. And a duration of attacks that is generally the time it takes to execute attacks keeps enough long times. Improvements/Applications: Two detection methods which are deployed in our HPC multi-user service environment are complementary to each other. These methods will be also able to apply for other service environment.

Keywords

Brute-force Attack, Cyber Attack Analysis, SSH, Supercomputer.
User

Abstract Views: 142

PDF Views: 0




  • Brute-force Attacks Analysis against SSH in HPC Multi-user Service Environment

Abstract Views: 142  |  PDF Views: 0

Authors

Jae-Kook Lee
Department of Supercomputing Infrastructure, KISTI, Korea, Democratic People's Republic of
Sung-Jun Kim
Department of Supercomputing Infrastructure, KISTI, KOREA
Taeyoung Hong
Department of Supercomputing Infrastructure, KISTI, KOREA

Abstract


Background/Objectives: The brute-force attack is one of popular cyber security threats in the secure shell (SSH) service environment. The SANS Institute has warned about SSH brute-force attacks against remote services. Methods/Statistical Analysis: We describe two brute-force attack detection methods are applied in the High Performance Computing (HPC) service environment which has been operated by KISTI in KOREA. The first way parses failed authentication logs of systems. The second way analyze dropped events of network firewalls. Findings: We analyze SSH brute-force attacks that are detected applying these methods in our service environment. The analysis results show that SSH brute-force attacks are classified ‘1:N’ or ‘N:1’ types of attack between source and destination IP address. And a duration of attacks that is generally the time it takes to execute attacks keeps enough long times. Improvements/Applications: Two detection methods which are deployed in our HPC multi-user service environment are complementary to each other. These methods will be also able to apply for other service environment.

Keywords


Brute-force Attack, Cyber Attack Analysis, SSH, Supercomputer.



DOI: https://doi.org/10.17485/ijst%2F2016%2Fv9i24%2F134547