Abstract

The SSH protocol has recently gained popularity among users because of its secure nature. Nevertheless, the SSH protocol can be susceptible to exploitation by hackers, who can access SSH servers without permission by exploiting vulnerabilities. SSH attacks cannot be completely detected using state-of-the-art security solutions such as firewalls, Intrusion Detection Systems, and so on. Malicious SSH traffic is created by malware and contains password guessing attacks. These attacks can compromise the security of servers and lead to the theft of private data. We aim to develop a robust and accurate SSH attack detection system that uses classification algorithms to effectively differentiate between malicious SSH traffic and legitimate SSH traffic. In this paper, we have selected 14 classification algorithms such as CNN, LSTM, logistic regression, Deep Belief Networks, Auto Encoders, and so on. The process involves organising and preparing the data, extracting relevant features, and applying an ensemble learning approach with the selected classification algorithms. XGBoost is employed for model integration. The ensemble model achieves improved accuracy, successfully distinguishing legitimate SSH traffic from SSH password guessing attacks.
