Detecting SSH identity theft in HPC cluster environments using Self-organizing maps

Detecting SSH identity theft in HPC cluster environments using Self-organizing maps

Many of the attacks on computing clusters and grids have been performed by using stolen authentication passwords and unprotected SSH keys, therefore there is a need for a system that can detect intruders masquerading as ordinary users. Our assumption is that an attacker behaves significantly differe...

Full description

Bibliographic Details
Main Author: Leufvén, Claes
Format: Others
Language:English
Published: Linköpings universitet, Institutionen för systemteknik 2006
Subjects:
SSH identity theft
cluster security
intrusion detection
Self organizing
Computer and Information Sciences
Data- och informationsvetenskap
Online Access:http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-6818
Description
Summary:Many of the attacks on computing clusters and grids have been performed by using stolen authentication passwords and unprotected SSH keys, therefore there is a need for a system that can detect intruders masquerading as ordinary users. Our assumption is that an attacker behaves significantly different compared to an ordinary user. Previous work in this area is for example statistical analysis of process accounting using Support Vector Machines. We can formalize this into a classification problem that we will solve with Self-organizing maps. The proposed system will work in a tier model that uses process accounting and SSH log messages as data sources.

Similar Items