SSHAA: A Python Package Index for visualizing features of SSH attacks with text mining in classification

Abstract

ABSTRACT With the proliferation of the Internet, the number of cyber-attacks has increased worldwide. To prevent cyber-attacks, network administrators need to use analytical tools to disclose six new critical statistics such as Internet Protocol (IP) authenticity and classification, IP ownership, frequency of attacks, time of day, day of the week, and country of attack. There are four SSH attack analysis tools available, but existing tools lack visualization and cannot provide the necessary attack statistics. This paper proposes SSHAA, the first open source PyPI analysis tool that meets the requirement. Text mining technology is used for extracting data from SSH log files, classifying IPs with identified country names and calculating a variety of statistics. PyPI allows SSHAA to run on Windows, MacOS, and Linux operating systems. This paper highlights how to debut a PyPI application using SSHAA which will be the world’s first tutorial in the security journals for maximum software dissemination. According to PePy, SSHAA has been downloaded 7668 times worldwide. The substantial number of downloads signifies the efficacy of the proposed tool. The proposed system offers ten functional statistics for SSH attack analysis. The six new functional statistics to information security are significant.