Data analytics for modeling and visualizing attack behaviors: A case study on SSH brute force attacks

Date
2017-11
Language
English
Found At
IEEE
Abstract

In this research, we explore a data-analytics-based approach for modeling and visualizing attack behaviors. To this end, we employ Self-Organizing Map and Association Rule Mining algorithms to analyze and interpret the behaviors of SSH brute force attacks and SSH normal traffic as a case study. The experimental results based on four different data sets show that the patterns extracted and interpreted from the SSH brute force attack data sets are similar to each other but significantly different from those extracted from the SSH normal traffic data sets. The analysis of the attack traffic provides insight into behavior modeling for brute force SSH attacks. Furthermore, this sheds light on how data analytics could help in modeling and visualizing attack behaviors in general in terms of data acquisition and feature extraction.

Cite As
Yao, C., Luo, X., & Zincir-Heywood, A. N. (2017). Data analytics for modeling and visualizing attack behaviors: A case study on SSH brute force attacks. In 2017 IEEE Symposium Series on Computational Intelligence (SSCI) (pp. 1–8). https://doi.org/10.1109/SSCI.2017.8280913
Journal
2017 IEEE Symposium Series on Computational Intelligence
Type
Conference proceedings
Version
Author's manuscript
This item is under embargo