Detection of Username Enumeration Attack on SSH Protocol: Machine Learning Approach

Over the last two decades (2000–2020), the Internet has rapidly evolved, resulting in symmetrical and asymmetrical Internet consumption patterns and billions of users worldwide. With the immense rise of the Internet, attacks and malicious behaviors pose a huge threat to our computing environment. Br...

Bibliographic Details
Main authors: Abel Z. Agghey, Lunodzo J. Mwinuka, Sanket M. Pandhare, Mussa A. Dida, Jema D. Ndibwile
Format: article
Language: EN
Published: MDPI AG 2021
Subjects:
SSH
Online access: https://doaj.org/article/9c763430fd354a42aa6617531e7082cc
id oai:doaj.org-article:9c763430fd354a42aa6617531e7082cc
record_format dspace
spelling oai:doaj.org-article:9c763430fd354a42aa6617531e7082cc
2021-11-25T19:07:28Z
Detection of Username Enumeration Attack on SSH Protocol: Machine Learning Approach
10.3390/sym13112192
2073-8994
https://doaj.org/article/9c763430fd354a42aa6617531e7082cc
2021-11-01T00:00:00Z
https://www.mdpi.com/2073-8994/13/11/2192
https://doaj.org/toc/2073-8994
MDPI AG
article
Mathematics
QA1-939
EN
Symmetry, Vol 13, Iss 2192, p 2192 (2021)
institution DOAJ
collection DOAJ
language EN
topic SSH
username enumeration
enumeration attack
password enumeration
brute-force attack
machine-learning
Mathematics
QA1-939
description Over the last two decades (2000–2020), the Internet has rapidly evolved, resulting in symmetrical and asymmetrical Internet consumption patterns and billions of users worldwide. With the immense rise of the Internet, attacks and malicious behaviors pose a huge threat to our computing environment. Brute-force attack is among the most prominent and commonly used attacks, carried out using password-attack tools, a wordlist dictionary, and a usernames list—obtained through a so-called enumeration attack. In this paper, we investigate username enumeration attack detection on the SSH protocol by using machine-learning classifiers. We apply four asymmetrical classifiers on our generated dataset collected from a closed-environment network to build machine-learning-based models for attack detection. The use of several machine-learners offers a wider investigation spectrum of the classifiers’ ability in attack detection. Additionally, we investigate how beneficial it is to include or exclude network ports information as a feature set in the process of learning. We evaluated and compared the performances of machine-learning models for both cases. The models used are k-nearest neighbor (K-NN), naïve Bayes (NB), random forest (RF) and decision tree (DT) with and without ports information. Our results show that machine-learning approaches to detect SSH username enumeration attacks were quite successful, with KNN having an accuracy of 99.93%, NB 95.70%, RF 99.92%, and DT 99.88%. Furthermore, the results improve when using ports information.
format article
author Abel Z. Agghey
Lunodzo J. Mwinuka
Sanket M. Pandhare
Mussa A. Dida
Jema D. Ndibwile
title Detection of Username Enumeration Attack on SSH Protocol: Machine Learning Approach
publisher MDPI AG
publishDate 2021
url https://doaj.org/article/9c763430fd354a42aa6617531e7082cc