{"title":"Clustering of SSH brute-force attack logs using k-clique percolation","authors":"H. Studiawan, B. Pratomo, R. Anggoro","doi":"10.1109/ICTS.2016.7910269","DOIUrl":null,"url":null,"abstract":"The brute-force attacks to SSH service still persist in the server environments. The existing methods have not applied graph theory to analyze authentication log that records this attack. Therefore, we model the log as a graph and propose k-clique percolation to cluster auth.log file to assist the system administrators to inspect this incident. The k-clique percolation has proven in clustering of biological networks and we will deploy it to this problem. We then provide the mechanism for edge removal to separate the generated clusters and make clear the clustering outputs. The experimental results show that this approach is appropriate to cluster raw logs of SSH brute-force attacks.","PeriodicalId":177275,"journal":{"name":"2016 International Conference on Information & Communication Technology and Systems (ICTS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 International Conference on Information & Communication Technology and Systems (ICTS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICTS.2016.7910269","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5
Abstract
The brute-force attacks to SSH service still persist in the server environments. The existing methods have not applied graph theory to analyze authentication log that records this attack. Therefore, we model the log as a graph and propose k-clique percolation to cluster auth.log file to assist the system administrators to inspect this incident. The k-clique percolation has proven in clustering of biological networks and we will deploy it to this problem. We then provide the mechanism for edge removal to separate the generated clusters and make clear the clustering outputs. The experimental results show that this approach is appropriate to cluster raw logs of SSH brute-force attacks.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
