IB  Vol.3 No.1 , March 2011
Developing the Upgrade Detection and Defense System of SSH Dictionary-Attack for Multi-Platform Environment
ABSTRACT
Based on the improved algorithm for analyzing log and the detection and defense system of SSH Dictionary-Attack for Multi-Platform Environment (Su, Chen, Chung & Wu), we developed the upgrade detection and defense system of SSH Dictionary-Attack for Multi-Platform Environment. In this study, we introduced the current threats and the types of SSH Dictionary-Attack. Then, we explained the functions and differences between the current defense software and defense types of SSH Dictionary-Attack; and described the current system of SSH Dictionary-Attack for Multi-Platform Environment. Moreover, based on the study of Su, Chen, Chung and Wu, we improved the algorithm of analyzing log in order to increase the defense capability of SSH Dictionary-Attack. After that, we designed the upgrade detection and defense system of SSH Dictionary-Attack for Multi-Platform Environment. The contribution of this study is to provide the upgrade detection and defense system of SSH Dictionary-Attack which was to keep the functions of original system of SSH Dictionary-Attack, and to improve the effectiveness of the algorithm of analyzing log.

Cite this paper
nullY. Su, G. Chung and B. Wu, "Developing the Upgrade Detection and Defense System of SSH Dictionary-Attack for Multi-Platform Environment," iBusiness, Vol. 3 No. 1, 2011, pp. 65-70. doi: 10.4236/ib.2011.31011.
References
[1]   S. Garfinkel, G. Spafford. “Practical UNIX and Internet Security (3rd Ed.),” O’Reilly Media, 2003.

[2]   U.S.G.A.O. “Continued Federal Efforts Are Needed to Protect Critical Systems and Information,” 2009.

[3]   S. Christey and R. Martin, “Common Weakness Enumeration. Vulnerability Type Distributions in CVE,” May 22, 2007. Internet Available: http://cwe.mitre.org/docume nts/ vuln-trends/index.html

[4]   SANS Institute. “SANS Top-20 2007 Security Risks(2007 Annual Update)”, 2007. Internet Available: http://www.san s.org/top20/2007/

[5]   J. Owens and J. Matthews, “A Study of Passwords and Methods Used in Brute-Force Ssh Attacks,” Technical Report, Department of Computer Science, Clarkson University, 2008.

[6]   S. William, “Stallings: Network Security Essentials:Applications and Standards 2/E”, Pearson, 2005.

[7]   Y. N. Su and Y. H. Chen, ”Block Online Password Guessing Attacks to a SSH Service with Analyzing System Log Files,” Journal of Computer Science and Application, Vol. 5, No. 2, December 2009, pp.108-122.

[8]   Y. J. Hsueh, “A Study of Using NetFlow Traffic Data to Detect and Track SSH Dictionary Attack,” Master Thesis, Department of Asia-Pacific Industrial and Business Management, National University of Kaohsiung, Taiwan, 2009.

[9]   Y. N. Su, Y. H. Chen, G. H. Chung and B. J. H. Wu, “Developing a SSH Dictionary Attack Defense System in the Multi Platform Environment through the Analyzing Log”. International Conference on Internet Technology and Applications, China, 2010. doi:10.1109/ITAPP.2010.5566560

[10]   R. Corin, J. Doumen and S. Etalle, “Analysing Password Protocol Security Against Off-Line Dictionary Attacks,” Electronic Notes in Theoretical Computer Science, Vol. 121, No. 4, 2005, pp. 47-63. doi:10.1016/j.entcs.2004.10.007

[11]   D. M. Tsai, “Bird’s Linux: Basic Learning”, GrandTech, 2003.

[12]   R. Wichmann, “Defending against Brute Force Ssh Attacks”, 2008. Internet Available: http://la-samhna.de/library/brutessh.html

[13]   S. Shit, “The SSH/FTP Brute Force Blocker,” 2010, Internet Available: http://anp.ath.cx/sshit/

[14]   V. Goyal, et al., “A New Protocol to Counter Online Dictionary Attacks,” Computers & Security, Vol. 25, No. 2, 2006, pp. 114-120. doi:10.1016/j.cose.2005.09.003

 
 
Top