Detecting SSH identity theft in HPC cluster environments using Self-organizing maps
Independent thesis Basic level (professional degree), 20 points / 30 hpStudent thesis
Many of the attacks on computing clusters and grids have been performed by using stolen authentication passwords and unprotected SSH keys, therefore there is a need for a system that can detect intruders masquerading as ordinary users. Our assumption is that an attacker behaves significantly different compared to an ordinary user. Previous work in this area is for example statistical analysis of process accounting using Support Vector Machines. We can formalize this into a classification problem that we will solve with Self-organizing maps. The proposed system will work in a tier model that uses process accounting and SSH log messages as data sources.
Place, publisher, year, edition, pages
Institutionen för systemteknik , 2006. , 49 p.
SSH identity theft, cluster security, intrusion detection, Self organizing
Computer and Information Science
IdentifiersURN: urn:nbn:se:liu:diva-6818ISRN: LITH-ISY-EX--06/3819--SEOAI: oai:DiVA.org:liu-6818DiVA: diva2:22012