Jae-Kook Lee ¹, Sung-Jun Kim ², Taeyoung Hong ²

Affiliations
1 Department of Supercomputing Infrastructure, KISTI, KP
2 Department of Supercomputing Infrastructure, KISTI, KOREA

Abstract

Background/Objectives: The brute-force attack is one of popular cyber security threats in the secure shell (SSH) service environment. The SANS Institute has warned about SSH brute-force attacks against remote services. Methods/Statistical Analysis: We describe two brute-force attack detection methods are applied in the High Performance Computing (HPC) service environment which has been operated by KISTI in KOREA. The first way parses failed authentication logs of systems. The second way analyze dropped events of network firewalls. Findings: We analyze SSH brute-force attacks that are detected applying these methods in our service environment. The analysis results show that SSH brute-force attacks are classified ‘1:N’ or ‘N:1’ types of attack between source and destination IP address. And a duration of attacks that is generally the time it takes to execute attacks keeps enough long times. Improvements/Applications: Two detection methods which are deployed in our HPC multi-user service environment are complementary to each other. These methods will be also able to apply for other service environment.

Keywords

Brute-force Attack, Cyber Attack Analysis, SSH, Supercomputer.

Full Text

   

Jae-Kook Lee ¹, Sung-Jun Kim ¹, Chan Yeol Park ¹, Joon Woo ¹

Affiliations
1 Korea Institute of Science and Technology Information, KR

Abstract

High speed and high capacity networks are critical for large scale (big) data services. In addition, security issues are even more important. KISTI (Korea Institute of Science and Technology Information) operates a variety of security facilities to provide secure supercomputing services to public users. A throughput of network firewalls affects entire trust networks. Because network firewalls act as the first line of defense against unwanted and malicious traffic flow between each networks. In this paper, we evaluate and compare the performance of two network firewalls are operated by KISTI in high speed networks and analyze results.

Keywords

High Speed Network, Network Firewall, Performance Evaluation, Security

Full Text

   

Jae-Kook Lee ¹, Joon Woo ¹, Jong-Hun An ²

Affiliations
1 Korea Institute of Science and Technology Information, KR
2 Korea Internet and Security Agency (KrCERT/CC0, KR

Abstract

Increasing popularity of the internet usage is causing many DDoS attacks such as 7.7 DDoS in 2009 and 3.4 DDoS in 2011 in South Korea. A DDoS attack is one of the simplest and most powerful cyber-attacks. DDoS attack is getting a huge problem because the unspecified individuals (called zombie PCs) are used in loading malicious codes while attacking a single site or system. Network security appliances such as IDSes (Intrusion Detection Systems) and DDoS attack prevention systems detect attacks by signature-based pattern matching. These appliances check the full data payload of packets to find abnormal signatures. Then reducing the packet inspection time is one of the most important challenges of improving the performance of these systems because pattern matching methods affect the total execution time. In this paper, we analyze network attack events are collected on two DDoS defense systems which are operated by KISA (KrCERT/CC) in Korea. Then we propose improved pattern matching method using multicore process.

Keywords

DDoS, Intrusion Detection System, Pattern Matching, OpenMP

Full Text