Kex-Filtering: A Proactive Approach to Filtering

Fabrizio Baiardi, Filippo Boni, Giovanni Braccini, Emanuele Briganti, Luca Deri

2024

Abstract

Kex-Filtering is a method for identifying malicious nodes by analyzing their configuration when they attempt to connect as clients to an SSH server. It adopts the hassh network fingerprinting standard to discover and record the distinct configurations of malicious SSH clients. The method computes an MD5 hash during the SSH handshake, when the client and server exchange their SSH configurations, including a specific range of algorithms used to establish a secure SSH channel. Kex-Filtering exploits the fact that, to simplify botnet management, a large number of a botnet's nodes share the same SSH client configuration. Experimental data collected through honeypots confirm that Kex-Filtering stops a large percentage of attacks and produces very few false positives and false negatives, even when using few hashes.
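The fingerprinting step the abstract describes can be sketched as follows. This is an added example, not code from the paper or its authors: it parses a client SSH_MSG_KEXINIT payload, derives the hassh value as defined by the hassh standard (MD5 over the client-to-server key exchange, encryption, MAC and compression lists joined with `;`), and checks it against a blocklist. The helper names `should_drop` and `build_kexinit` and all sample algorithm lists are assumptions constructed for the illustration.

```python
import hashlib
import struct

SSH_MSG_KEXINIT = 20  # RFC 4253 message number

def _name_list(buf, off):
    """Read one RFC 4251 name-list: uint32 length, then comma-separated ASCII."""
    if off + 4 > len(buf):
        raise ValueError("truncated name-list length")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("name-list runs past end of payload")
    return buf[off:off + n].decode("ascii"), off + n

def hassh_from_kexinit(payload):
    """Return (hassh, hassh_string) for a client SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, lists = 17, []  # skip 1-byte message type and 16-byte cookie
    for _ in range(10):  # KEXINIT carries ten name-lists
        value, off = _name_list(payload, off)
        lists.append(value)
    # hassh input: kex, encryption, MAC and compression, client-to-server only
    hassh_string = ";".join((lists[0], lists[2], lists[4], lists[6]))
    return hashlib.md5(hassh_string.encode("ascii")).hexdigest(), hassh_string

def should_drop(payload, blocklist):
    """Hypothetical filter decision: True when the client's hassh is listed."""
    return hassh_from_kexinit(payload)[0] in blocklist

def build_kexinit(kex, enc, mac, comp):
    """Build a constructed client KEXINIT payload (sample data, not a capture)."""
    def nl(s):
        return struct.pack(">I", len(s)) + s.encode("ascii")
    lists = [kex, "ssh-ed25519", enc, enc, mac, mac, comp, comp, "", ""]
    body = b"".join(nl(x) for x in lists)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

if __name__ == "__main__":
    # Constructed configurations standing in for a botnet client and a benign one.
    bot = build_kexinit("curve25519-sha256", "aes128-ctr", "hmac-sha2-256", "none")
    user = build_kexinit("curve25519-sha256,ecdh-sha2-nistp256",
                         "chacha20-poly1305@openssh.com,aes128-ctr",
                         "hmac-sha2-256-etm@openssh.com", "none,zlib@openssh.com")
    blocklist = {hassh_from_kexinit(bot)[0]}  # as if learned at a honeypot
    for name, pkt in (("bot", bot), ("user", user)):
        print(name, hassh_from_kexinit(pkt)[0], "drop" if should_drop(pkt, blocklist) else "allow")
```

Because the hash covers only the advertised algorithm lists and their order, every client built from the same SSH library configuration yields the same value regardless of source address.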


Paper Citation


in Harvard Style

Baiardi F., Boni F., Braccini G., Briganti E. and Deri L. (2024). Kex-Filtering: A Proactive Approach to Filtering. In Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-709-2, SciTePress, pages 528-535. DOI: 10.5220/0012788700003767


in Bibtex Style

@conference{secrypt24,
author={Fabrizio Baiardi and Filippo Boni and Giovanni Braccini and Emanuele Briganti and Luca Deri},
title={Kex-Filtering: A Proactive Approach to Filtering},
booktitle={Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2024},
pages={528-535},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012788700003767},
isbn={978-989-758-709-2},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Kex-Filtering: A Proactive Approach to Filtering
SN - 978-989-758-709-2
AU - Baiardi F.
AU - Boni F.
AU - Braccini G.
AU - Briganti E.
AU - Deri L.
PY - 2024
SP - 528
EP - 535
DO - 10.5220/0012788700003767
PB - SciTePress