The Experts below are selected from a list of 25161 Experts worldwide ranked by ideXlab platform
Dennis Arturo Ludena Romana - One of the best experts on this subject based on the ideXlab platform.
-
Evaluation of DNS based SSH dictionary attack traffic in Campus Network
International Journal of Intelligent Engineering and Systems, 2010Co-Authors: Masaya Kumagai, Yasuo Musashi, Dennis Arturo Ludena RomanaAbstract:We performed statistical analysis on the total PTR resource record (RR) based DNS query packet traffic from a university Campus Network to the top domain DNS server through March 14th, 2009, when the Network servers in the Campus Network were under inbound SSH dictionary attack. The interesting results are obtained, as follows: (1) the Network servers, especially those providing SSH services, generated the significant PTR RR based DNS query request packet traffic through 07:30-08:30 in March 14th, 2009, (2) we calculated sample variance for the DNS query request packet traffic, (3) the variance can change in a sharp manner through 07:30-08:30, (4) we developed a couple of DNS based SSH detection technologies by employing the PTR RR DNS query request packet traffic variance- and the DNS query keywords Euclid distance based methods, and (5) we evaluated and compared the both detection rates. As a result, although the both detection technologies take high detection rates, the Euclid distance based detection technology can take a low false positive rate than that of the variance based one, indicating that we can detect the inbound SSH dictionary attack to the Network server in the Campus Network by observing the total PTR RR DNS query request packet traffic from the Campus Network.
-
SSH Dictionary Attack and DNS Reverse Resolution Traffic in Campus Network
2010 Third International Conference on Intelligent Networks and Intelligent Systems, 2010Co-Authors: Masaya Kumagai, Yasuo Musashi, Dennis Arturo Ludena Romana, Shinichiro Kubota, Kazuya Takemori, Kenichi SugitaniAbstract:We performed statistical analysis on the total PTR resource record (RR) based DNS query packet traffic from a university Campus Network to the top domain DNS server through March 14th, 2009, when the Network servers in the Campus Network were under inbound SSH dictionary attack. The interesting results are obtained, as follows: (1) the Network servers, especially, they have a function of SSH services, generated the significant PTR RR based DNS query request packet traffic through 07:30-08:30 in March 14th, 2009, (2) we calculated sample variance for the DNS query request packet traffic, and (3) the variance can change in a sharp manner through 07:30-08:30. From these results, it is clearly concluded that we can detect the inbound SSH dictionary attack to the Network server by only observing the variance of the total PTR RR based DNS query request packet traffic from the Network servers in the Campus Network.
-
DNS Based Detection of SSH Dictionary Attack in Campus Network
2009Co-Authors: Dennis Arturo Ludena Romana, Yasuo Musashi, Kenichi Sugitani, Shinichiro Kubota, Masaya Kumagai, Kazuya Takemori, Tsuyoshi Usagawa, Toshinori SueyoshiAbstract:We statistically investigated the DNS query access traffic from a university Campus Network toward the top domain DNS through March 14th, 2009, when the hosts in the Campus Network were under inbound SSH dictionary brute force attack. The interesting results are obtained, as follows: (1) the several hosts generated the DNS query packet traffic, taking a rate of more than 1,000 hour -1 , through 07:30-08:30 in March 14th, 2009, (2) the DNS query packet traffic correlates with the DNS query packet one including more than two specific query keywords (payloads of the packets), and (3) the former keyword is a fully qualified domain name (FQDN) and the latter one is an IP address. Therefore, we can detect inbound SSH dictionary attack by watching frequencies of the FQDNs and the IP addresses as query keywords in the DNS query packets from the hosts in the Campus Network.
Masaya Kumagai - One of the best experts on this subject based on the ideXlab platform.
-
Evaluation of DNS based SSH dictionary attack traffic in Campus Network
International Journal of Intelligent Engineering and Systems, 2010Co-Authors: Masaya Kumagai, Yasuo Musashi, Dennis Arturo Ludena RomanaAbstract:We performed statistical analysis on the total PTR resource record (RR) based DNS query packet traffic from a university Campus Network to the top domain DNS server through March 14th, 2009, when the Network servers in the Campus Network were under inbound SSH dictionary attack. The interesting results are obtained, as follows: (1) the Network servers, especially those providing SSH services, generated the significant PTR RR based DNS query request packet traffic through 07:30-08:30 in March 14th, 2009, (2) we calculated sample variance for the DNS query request packet traffic, (3) the variance can change in a sharp manner through 07:30-08:30, (4) we developed a couple of DNS based SSH detection technologies by employing the PTR RR DNS query request packet traffic variance- and the DNS query keywords Euclid distance based methods, and (5) we evaluated and compared the both detection rates. As a result, although the both detection technologies take high detection rates, the Euclid distance based detection technology can take a low false positive rate than that of the variance based one, indicating that we can detect the inbound SSH dictionary attack to the Network server in the Campus Network by observing the total PTR RR DNS query request packet traffic from the Campus Network.
-
SSH Dictionary Attack and DNS Reverse Resolution Traffic in Campus Network
2010 Third International Conference on Intelligent Networks and Intelligent Systems, 2010Co-Authors: Masaya Kumagai, Yasuo Musashi, Dennis Arturo Ludena Romana, Shinichiro Kubota, Kazuya Takemori, Kenichi SugitaniAbstract:We performed statistical analysis on the total PTR resource record (RR) based DNS query packet traffic from a university Campus Network to the top domain DNS server through March 14th, 2009, when the Network servers in the Campus Network were under inbound SSH dictionary attack. The interesting results are obtained, as follows: (1) the Network servers, especially, they have a function of SSH services, generated the significant PTR RR based DNS query request packet traffic through 07:30-08:30 in March 14th, 2009, (2) we calculated sample variance for the DNS query request packet traffic, and (3) the variance can change in a sharp manner through 07:30-08:30. From these results, it is clearly concluded that we can detect the inbound SSH dictionary attack to the Network server by only observing the variance of the total PTR RR based DNS query request packet traffic from the Network servers in the Campus Network.
-
DNS Based Detection of SSH Dictionary Attack in Campus Network
2009Co-Authors: Dennis Arturo Ludena Romana, Yasuo Musashi, Kenichi Sugitani, Shinichiro Kubota, Masaya Kumagai, Kazuya Takemori, Tsuyoshi Usagawa, Toshinori SueyoshiAbstract:We statistically investigated the DNS query access traffic from a university Campus Network toward the top domain DNS through March 14th, 2009, when the hosts in the Campus Network were under inbound SSH dictionary brute force attack. The interesting results are obtained, as follows: (1) the several hosts generated the DNS query packet traffic, taking a rate of more than 1,000 hour -1 , through 07:30-08:30 in March 14th, 2009, (2) the DNS query packet traffic correlates with the DNS query packet one including more than two specific query keywords (payloads of the packets), and (3) the former keyword is a fully qualified domain name (FQDN) and the latter one is an IP address. Therefore, we can detect inbound SSH dictionary attack by watching frequencies of the FQDNs and the IP addresses as query keywords in the DNS query packets from the hosts in the Campus Network.
Chen Gencai - One of the best experts on this subject based on the ideXlab platform.
-
a Campus Network design based on new avoiding Network embezzlement and account mechanism
Computer Engineering, 2003Co-Authors: Chen GencaiAbstract:The rule in CERNET that user's feedepends on data flow, which brings difficulty to Campus Network management. The technology used to avoid Network e mbezzlement and user account in Campus Network has defects and its effect is n ot ideal. This paper puts forward new design, which has good balance in perform anc e, security and cost facts.
Kenichi Sugitani - One of the best experts on this subject based on the ideXlab platform.
-
SSH Dictionary Attack and DNS Reverse Resolution Traffic in Campus Network
2010 Third International Conference on Intelligent Networks and Intelligent Systems, 2010Co-Authors: Masaya Kumagai, Yasuo Musashi, Dennis Arturo Ludena Romana, Shinichiro Kubota, Kazuya Takemori, Kenichi SugitaniAbstract:We performed statistical analysis on the total PTR resource record (RR) based DNS query packet traffic from a university Campus Network to the top domain DNS server through March 14th, 2009, when the Network servers in the Campus Network were under inbound SSH dictionary attack. The interesting results are obtained, as follows: (1) the Network servers, especially, they have a function of SSH services, generated the significant PTR RR based DNS query request packet traffic through 07:30-08:30 in March 14th, 2009, (2) we calculated sample variance for the DNS query request packet traffic, and (3) the variance can change in a sharp manner through 07:30-08:30. From these results, it is clearly concluded that we can detect the inbound SSH dictionary attack to the Network server by only observing the variance of the total PTR RR based DNS query request packet traffic from the Network servers in the Campus Network.
-
DNS Based Detection of SSH Dictionary Attack in Campus Network
2009Co-Authors: Dennis Arturo Ludena Romana, Yasuo Musashi, Kenichi Sugitani, Shinichiro Kubota, Masaya Kumagai, Kazuya Takemori, Tsuyoshi Usagawa, Toshinori SueyoshiAbstract:We statistically investigated the DNS query access traffic from a university Campus Network toward the top domain DNS through March 14th, 2009, when the hosts in the Campus Network were under inbound SSH dictionary brute force attack. The interesting results are obtained, as follows: (1) the several hosts generated the DNS query packet traffic, taking a rate of more than 1,000 hour -1 , through 07:30-08:30 in March 14th, 2009, (2) the DNS query packet traffic correlates with the DNS query packet one including more than two specific query keywords (payloads of the packets), and (3) the former keyword is a fully qualified domain name (FQDN) and the latter one is an IP address. Therefore, we can detect inbound SSH dictionary attack by watching frequencies of the FQDNs and the IP addresses as query keywords in the DNS query packets from the hosts in the Campus Network.
Yasuo Musashi - One of the best experts on this subject based on the ideXlab platform.
-
Evaluation of DNS based SSH dictionary attack traffic in Campus Network
International Journal of Intelligent Engineering and Systems, 2010Co-Authors: Masaya Kumagai, Yasuo Musashi, Dennis Arturo Ludena RomanaAbstract:We performed statistical analysis on the total PTR resource record (RR) based DNS query packet traffic from a university Campus Network to the top domain DNS server through March 14th, 2009, when the Network servers in the Campus Network were under inbound SSH dictionary attack. The interesting results are obtained, as follows: (1) the Network servers, especially those providing SSH services, generated the significant PTR RR based DNS query request packet traffic through 07:30-08:30 in March 14th, 2009, (2) we calculated sample variance for the DNS query request packet traffic, (3) the variance can change in a sharp manner through 07:30-08:30, (4) we developed a couple of DNS based SSH detection technologies by employing the PTR RR DNS query request packet traffic variance- and the DNS query keywords Euclid distance based methods, and (5) we evaluated and compared the both detection rates. As a result, although the both detection technologies take high detection rates, the Euclid distance based detection technology can take a low false positive rate than that of the variance based one, indicating that we can detect the inbound SSH dictionary attack to the Network server in the Campus Network by observing the total PTR RR DNS query request packet traffic from the Campus Network.
-
SSH Dictionary Attack and DNS Reverse Resolution Traffic in Campus Network
2010 Third International Conference on Intelligent Networks and Intelligent Systems, 2010Co-Authors: Masaya Kumagai, Yasuo Musashi, Dennis Arturo Ludena Romana, Shinichiro Kubota, Kazuya Takemori, Kenichi SugitaniAbstract:We performed statistical analysis on the total PTR resource record (RR) based DNS query packet traffic from a university Campus Network to the top domain DNS server through March 14th, 2009, when the Network servers in the Campus Network were under inbound SSH dictionary attack. The interesting results are obtained, as follows: (1) the Network servers, especially, they have a function of SSH services, generated the significant PTR RR based DNS query request packet traffic through 07:30-08:30 in March 14th, 2009, (2) we calculated sample variance for the DNS query request packet traffic, and (3) the variance can change in a sharp manner through 07:30-08:30. From these results, it is clearly concluded that we can detect the inbound SSH dictionary attack to the Network server by only observing the variance of the total PTR RR based DNS query request packet traffic from the Network servers in the Campus Network.
-
DNS Based Detection of SSH Dictionary Attack in Campus Network
2009Co-Authors: Dennis Arturo Ludena Romana, Yasuo Musashi, Kenichi Sugitani, Shinichiro Kubota, Masaya Kumagai, Kazuya Takemori, Tsuyoshi Usagawa, Toshinori SueyoshiAbstract:We statistically investigated the DNS query access traffic from a university Campus Network toward the top domain DNS through March 14th, 2009, when the hosts in the Campus Network were under inbound SSH dictionary brute force attack. The interesting results are obtained, as follows: (1) the several hosts generated the DNS query packet traffic, taking a rate of more than 1,000 hour -1 , through 07:30-08:30 in March 14th, 2009, (2) the DNS query packet traffic correlates with the DNS query packet one including more than two specific query keywords (payloads of the packets), and (3) the former keyword is a fully qualified domain name (FQDN) and the latter one is an IP address. Therefore, we can detect inbound SSH dictionary attack by watching frequencies of the FQDNs and the IP addresses as query keywords in the DNS query packets from the hosts in the Campus Network.
