Visible to the public An SSH Honeypot Architecture Using Port Knocking and Intrusion Detection System

TitleAn SSH Honeypot Architecture Using Port Knocking and Intrusion Detection System
Publication TypeConference Paper
Year of Publication2018
AuthorsArifianto, R. M., Sukarno, P., Jadied, E. M.
Conference Name2018 6th International Conference on Information and Communication Technology (ICoICT)
Date Publishedmay
Keywordsauthentication, Computer crime, computer network security, Force, honey pots, honeypot, Human Behavior, human factors, IDS, intrusion detection system, IP networks, kippo honeypot, Linux, Operating systems, port knocking, pubcrawl, resilience, Resiliency, Scalability, secure shell, secure shell honeypot, Servers, software architecture, SSH honeypot architecture, SSH service attack
AbstractThis paper proposes an architecture of Secure Shell (SSH) honeypot using port knocking and Intrusion Detection System (IDS) to learn the information about attacks on SSH service and determine proper security mechanisms to deal with the attacks. Rapid development of information technology is directly proportional to the number of attacks, destruction, and data theft of a system. SSH service has become one of the popular targets from the whole vulnerabilities which is existed. Attacks on SSH service have various characteristics. Therefore, it is required to learn these characteristics by typically utilizing honeypots so that proper mechanisms can be applied in the real servers. Various attempts to learn the attacks and mitigate them have been proposed, however, attacks on SSH service are kept occurring. This research proposes a different and effective strategy to deal with the SSH service attack. This is done by combining port knocking and IDS to make the server keeps the service on a closed port and open it under user demand by sending predefined port sequence as an authentication process to control the access to the server. In doing so, it is evident that port knocking is effective in protecting SSH service. The number of login attempts obtained by using our proposed method is zero.
DOI10.1109/ICoICT.2018.8528787
Citation Keyarifianto_ssh_2018