Clustering of SSH brute-force attack logs using k-clique percolation

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

5 Citations (Scopus)

Abstract

Brute-force attacks on the SSH service still persist in server environments. The existing methods have not applied graph theory to analyze the authentication log that records this attack. Therefore, we model the log as a graph and propose k-clique percolation to cluster the auth.log file to assist system administrators in inspecting this incident. k-clique percolation has been proven in the clustering of biological networks, and we will deploy it to this problem. We then provide a mechanism for edge removal to separate the generated clusters and clarify the clustering outputs. The experimental results show that this approach is appropriate for clustering raw logs of SSH brute-force attacks.

Original language: English
Title of host publication: Proceedings of 2016 International Conference on Information and Communication Technology and Systems, ICTS 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 39-42
Number of pages: 4
ISBN (Electronic): 9781509013791
Publication status: Published - 24 Apr 2017
Event: 2016 International Conference on Information and Communication Technology and Systems, ICTS 2016 - Surabaya, Indonesia
Duration: 12 Oct 2016 → …

Publication series

Name: Proceedings of 2016 International Conference on Information and Communication Technology and Systems, ICTS 2016

Conference

Conference: 2016 International Conference on Information and Communication Technology and Systems, ICTS 2016
Country/Territory: Indonesia
City: Surabaya
Period: 12/10/16 → …

Keywords

  • SSH brute-force attack
  • event log clustering
  • k-clique percolation
