A machine learning-based SSH protocol login status detection method

A login status detection technique based on machine learning, applied in the field of network security, that addresses problems such as missed reports and false positives of login status.

Active Publication Date: 2021-12-07
COLASOFT

AI Technical Summary

Problems solved by technology

[0006] To overcome the defects of the above-mentioned prior art, the present invention provides a machine learning-based SSH protocol login status detection method. It can effectively solve the problem of false positives and false negatives of login status caused by differences in environment configurations and communication behaviors, achieving more accurate SSH login status identification.


Examples


Embodiment 1

[0042] See Figure 1. A machine learning-based SSH protocol login status detection method comprises the following steps:

[0043] a. Construct the network traffic used as input for training the model. SSH network traffic is generated by extraction from a real network environment and by tool construction, and includes SSH-based SCP and SFTP network traffic. SSH network traffic is configured for the password authentication, public key authentication and keyboard-interactive authentication modes respectively. Single-session and multi-session SSH brute-force traffic is generated with public SSH brute-force tools, normal and abnormal network traffic is generated with SSH tools, and normal and abnormal network traffic is generated with SFTP and SCP tools;

[0044] b. Restore the traffic of successful and failed logins using the network traffic restoration method, identify the login status of each SSH session, and extract the SSH feature vector used for model...

Embodiment 2

[0049] See Figure 1 and Figure 2. A machine learning-based SSH protocol login status detection method comprises the following steps:

[0050] a. Construct the network traffic used as input for training the model. SSH network traffic is generated by extraction from a real network environment and by tool construction, and includes SSH-based SCP and SFTP network traffic. SSH network traffic is configured for the password authentication, public key authentication and keyboard-interactive authentication modes respectively. Single-session and multi-session SSH brute-force traffic is generated with public SSH brute-force tools, normal and abnormal network traffic is generated with SSH tools, and normal and abnormal network traffic is generated with SFTP and SCP tools;

[0051] b. Restore the traffic of successful and failed logins using the network traffic restoration method, identify the login status of each SSH session, and extract the SSH feature vector...

Embodiment 3

[0065] See Figure 1 and Figure 2. A machine learning-based SSH protocol login status detection method comprises the following steps:

[0066] a. Construct the network traffic used as input for training the model. SSH network traffic is generated by extraction from a real network environment and by tool construction, and includes SSH-based SCP and SFTP network traffic. SSH network traffic is configured for the password authentication, public key authentication and keyboard-interactive authentication modes respectively. Single-session and multi-session SSH brute-force traffic is generated with public SSH brute-force tools, normal and abnormal network traffic is generated with SSH tools, and normal and abnormal network traffic is generated with SFTP and SCP tools;

[0067] b. Restore the traffic of successful and failed logins using the network traffic restoration method, identify the login status of each SSH session, and extract the SSH feature vector...


Abstract

The invention discloses a machine learning-based SSH protocol login status detection method, belonging to the technical field of network security, characterized in that it comprises the following steps: a. construct the network traffic used as input for training the model; b. restore the traffic using the network traffic restoration method; c. input the labeled SSH feature vectors into the SVM algorithm for training, then establish the SVM prediction model and deploy it in the real environment; d. restore the SSH network traffic using the network traffic restoration method, extract the SSH feature vectors from the real network traffic, and input the extracted SSH feature vectors into the trained SVM prediction model to obtain the SSH login status recognition result. The invention can effectively solve the problem of false positives and false negatives of login status caused by differences in environment configurations and communication behaviors, and achieves more accurate identification of SSH login status.
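Steps c and d sketched as an added example, not code from the patent: a linear SVM trained by subgradient descent on labeled per-session feature vectors, then used to classify new sessions. The four features, their constructed values and the choice of a linear kernel are assumptions, since the page does not list the patent's actual SSH feature vector.

```python
# Added illustration, not the patent's code. Feature names and values are
# assumptions: the page does not list the patent's actual SSH feature vector.
from math import log1p
from statistics import mean, pstdev

# Constructed sessions: (client pkts, server pkts, server bytes, duration s),
# counted after the encrypted phase starts. Label 1 = login ok, -1 = failed.
TRAIN = [
    ((42, 51, 18400, 95.0), 1), ((120, 140, 90500, 610.0), 1),
    ((25, 30, 9800, 20.0), 1), ((65, 70, 33000, 240.0), 1),
    ((6, 5, 420, 2.1), -1), ((8, 7, 610, 3.4), -1),
    ((4, 4, 350, 1.2), -1), ((10, 9, 760, 6.0), -1),
]

def fit_scaler(rows):
    """Per-feature mean/std of log-compressed values (counts are heavy-tailed)."""
    cols = zip(*[[log1p(v) for v in r] for r in rows])
    return [(mean(c), pstdev(c) or 1.0) for c in cols]

def scale(row, scaler):
    return [(log1p(v) - m) / s for v, (m, s) in zip(row, scaler)]

def train_svm(samples, lam=0.01, lr=0.1, epochs=200):
    """Step c: minimise lam/2*|w|^2 + hinge loss by subgradient descent."""
    w, b = [0.0] * len(samples[0][0]), 0.0
    for _ in range(epochs):
        for x, y in samples:
            violated = y * (sum(wi * xi for wi, xi in zip(w, x)) + b) < 1
            # Regularisation always shrinks w; the hinge term only acts
            # on samples inside the margin or misclassified.
            w = [wi - lr * (lam * wi - (y * xi if violated else 0.0))
                 for wi, xi in zip(w, x)]
            if violated:
                b += lr * y
    return w, b

def build_model(train=TRAIN):
    scaler = fit_scaler([x for x, _ in train])
    w, b = train_svm([(scale(x, scaler), y) for x, y in train])
    return scaler, w, b

def login_status(model, session):
    """Step d: classify a restored session's feature vector."""
    scaler, w, b = model
    score = sum(wi * xi for wi, xi in zip(w, scale(session, scaler))) + b
    return "success" if score >= 0 else "failure"

if __name__ == "__main__":
    model = build_model()
    print(login_status(model, (80, 95, 40000, 300.0)))
    print(login_status(model, (5, 5, 400, 1.5)))
```

The scaler is fitted on the training traffic only and reused unchanged at prediction time, so a deployed model sees features on the same scale it was trained on.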

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a machine learning-based SSH protocol login status detection method.

Background technique

[0002] SSH, the Secure Shell Protocol, is an encrypted network transmission protocol, usually used for remote management of Linux systems, capable of transmitting command line interfaces and remotely executing commands. Due to the popularity and importance of this protocol, traces of SSH usage can be seen in many network attack cases. Common network attacks include SSH brute force cracking, weak password login, and abnormal SSH login caused by account password leakage.

[0003] In security monitoring devices such as firewalls, intrusion detection systems, and intrusion prevention systems, port identification, deep packet inspection, and dynamic flow inspection technologies are usually used to identify the protocol type and content in network traffic. The recovery and restoration ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/26, H04L12/24, G06N20/10, G06K9/62
CPC: H04L63/1425, H04L43/18, H04L41/147, H04L41/145, G06N20/10, H04L63/168, G06F18/214, G06F18/2411
Inventor: 徐文勇, 田红伟, 魏勇
Owner: COLASOFT