    Detection and prevention of username enumeration attack on SSH protocol: machine learning approach

    Date
    2022-06
    Author
    Agghey, Abel
    Abstract
    Over the last two decades (2000–2020), the Internet has rapidly evolved, resulting in symmetrical and asymmetrical Internet consumption patterns and billions of users worldwide. With the immense rise of the Internet, attacks and malicious behaviors pose a huge threat to our computing environment. The brute-force attack is among the most prominent and commonly used attacks, carried out using password-attack tools, a wordlist dictionary, and a list of usernames obtained through a so-called enumeration attack. In this study, we investigate username enumeration attack detection on the SSH protocol by using machine-learning classifiers. We apply four asymmetrical classifiers to our generated dataset, collected from a closed-environment network, to build machine-learning-based models for attack detection. The use of several machine learners offers a wider investigation spectrum of the classifiers’ ability in attack detection. Additionally, we investigate how beneficial it is to include or exclude network port information as a feature set in the learning process. We evaluated and compared the performance of the machine-learning models for both cases. The models used are k-nearest neighbor (KNN), naïve Bayes (NB), random forest (RF) and decision tree (DT), with and without port information. Our results show that machine-learning approaches to detecting SSH username enumeration attacks were quite successful, with KNN having an accuracy of 99.93%, NB 95.70%, RF 99.92%, and DT 99.88%. Furthermore, the results improved when using port information. The best selected model was then deployed into an intrusion detection and prevention system (IDS/IPS) to automatically detect and prevent username enumeration attacks. The study also recommends the use of Deep Learning in future studies.
    URI
    https://doi.org/10.58694/20.500.12479/1628
    Collections
    • Masters Theses and Dissertations [CoCSE]

    Nelson Mandela-AIST copyright © 2021  DuraSpace
    Theme by 
    Atmire NV