A flow-based detection method for stealthy dictionary attacks against Secure Shell

Journal of Information Security and Applications - Volume 21 - Pages 31-41 - 2015
Akihiro Satoh¹, Yutaka Nakamura¹, Takeshi Ikenaga¹
¹Kyushu Institute of Technology, 1-1 Sensui-cho, Tobata-ku, Kitakyushu-shi, Fukuoka, Japan

References

Alsaleh, 2012, Revisiting defenses against large-scale online password guessing attacks, IEEE Trans on Dependable and Secure Computing, 9, 128, 10.1109/TDSC.2011.24
Asai, 2011, Traffic causality graphs: profiling network applications through temporal and spatial causality of flows, 95
BlockHosts, http://www.aczoom.com/tools/blockhosts/.
BruteForceBlocker, http://danger.rulez.sk/projects/bruteforceblocker/.
Daigle, 2004
DenyHOSTS, http://denyhosts.sourceforge.net/.
Goyal, 2006, A new protocol to counter online dictionary attacks, J Computers & Security, 25, 114, 10.1016/j.cose.2005.09.003
Guha, 2011, A Streaming statistical algorithm for detection of SSH keystroke packets in TCP connections, 73
Jain, 1999, Data clustering: a review, ACM Computing Surv, 31, 264, 10.1145/331499.331504
Kojoney, http://kojoney.sourceforge.net/.
Moore, 2005
Owens, 2008
Ramsbrock, 2007, Profiling Attacker behavior following SSH compromises, 119
SANS Internet Storm Center, https://isc.sans.edu/diary/Distributed+SSH+Brute+Force+Attempts+on+the+rise+again/9031.
Satoh, 2012, SSH dictionary attack detection based on flow analysis, 51
Song, 2001, Timing analysis of keystrokes and timing attacks on SSH, 25
Sperotto, 2009, Hidden markov model modeling of SSH Brute-Force attacks, Lecture Notes in Computer Science, 5841, 164, 10.1007/978-3-642-04989-7_13
Sperotto, 2010, An overview of IP flow-based intrusion detection, IEEE Commun Surv and Tutor, 12, 343, 10.1109/SURV.2010.032210.00054
SSHBLACK, http://sshblack.com.
SSHGuard, http://www.sshguard.net/.
Su, 2011, Developing the upgrade detection and defense system of SSH dictionary-attack for multi-platform environment, J iBusiness, 3, 65, 10.4236/ib.2011.31011
Takemori, 2009, Detection of NS resource record DNS resolution traffic, host search, and SSH dictionary attack activities, International Journal of Intelligent Engineering and Systems, 2, 35, 10.22266/ijies2009.1231.05
TeraTerm, http://sourceforge.jp/projects/ttssh2/.
Thames, 2008, A distributed Active response architecture for preventing SSH dictionary attacks, 84
THC-Hydra, http://www.thc.org/thc-hydra/.
Torgerson, 1952, Multidimensional Scaling: I. Theory and method, J Psychometrika, 17, 401, 10.1007/BF02288916
Tshark, http://www.wireshark.org/.
Ward, 1963, Hierarchical grouping to optimize an objective function, J Amer Statist Assoc, 58, 236, 10.1080/01621459.1963.10500845
Wegman, 1972, Nonparametric probability density estimation, J Statist Comput Simulation, 1, 225, 10.1080/00949657208810017
Wright, 2006, Using visual motifs to classify encrypted traffic, 41
Ylonen, 2006
Ylonen, 2006
Ylonen, 2006