The rapid advancement of IT technology has enabled the quick discovery,sharing and collection of quality information,but has also increased cyberattacks at a fast pace at the same time.There exists no means to block t...The rapid advancement of IT technology has enabled the quick discovery,sharing and collection of quality information,but has also increased cyberattacks at a fast pace at the same time.There exists no means to block these cyberattacks completely,and all security policies need to consider the possibility of external attacks.Therefore,it is crucial to reduce external attacks through preventative measures.In general,since routers located in the upper part of a firewall can hardly be protected by security systems,they are exposed to numerous unblocked cyberattacks.Routers block unnecessary services and accept necessary ones while taking appropriate measures to reduce vulnerability,block unauthorized access,and generate relevant logs.Most logs created through unauthorized access are caused by SSH brute-force attacks,and therefore IP data of the attack can be collected through the logs.This paper proposes a model to detect SSH brute-force attacks through their logs,collect their IP address,and control access from that IP address.In this paper,we present a model that extracts and fragments the specific data required from the packets of collected routers in order to detect indiscriminate SSH input attacks.To do so,the model multiplies a user’s access records in each packet by weights and adds them to the blacklist according to a final calculated result value.In addition,the model can specify the internal IP of an attack attempt and defend against the first 29 destination IP addresses attempting the attack.展开更多
基金supported by the Ministry of Education of the Republic of Korea and the National Research Foundation of Korea(NRF-2019S1A5C2A04083374).
文摘The rapid advancement of IT technology has enabled the quick discovery,sharing and collection of quality information,but has also increased cyberattacks at a fast pace at the same time.There exists no means to block these cyberattacks completely,and all security policies need to consider the possibility of external attacks.Therefore,it is crucial to reduce external attacks through preventative measures.In general,since routers located in the upper part of a firewall can hardly be protected by security systems,they are exposed to numerous unblocked cyberattacks.Routers block unnecessary services and accept necessary ones while taking appropriate measures to reduce vulnerability,block unauthorized access,and generate relevant logs.Most logs created through unauthorized access are caused by SSH brute-force attacks,and therefore IP data of the attack can be collected through the logs.This paper proposes a model to detect SSH brute-force attacks through their logs,collect their IP address,and control access from that IP address.In this paper,we present a model that extracts and fragments the specific data required from the packets of collected routers in order to detect indiscriminate SSH input attacks.To do so,the model multiplies a user’s access records in each packet by weights and adds them to the blacklist according to a final calculated result value.In addition,the model can specify the internal IP of an attack attempt and defend against the first 29 destination IP addresses attempting the attack.