Attackers’ Profiling Based on Multi-Attack Patterns in SSH Service

Kriti Majumdar, Nitesh Kumar, Anand Handa, Sandeep Shukla

2025

Abstract

In the realm of cyber security, profiling attackers’ behaviors provides critical insights that can enhance defensive strategies and improve the security of network services. This paper introduces a methodology for profiling attackers through the analysis of multi-attack patterns on Secure Shell (SSH) services. We develop a comprehensive framework that utilizes both predefined rule-based techniques and advanced machine learning techniques to classify attack types and link them to specific attacker profiles. By analyzing logs from SSH services that comprise various SSH attack incidents, we identify common and distinct behavioral patterns that help in predicting future attacks and identifying the likely attributes of attackers. Our attacker profiling system addresses the five key ‘wh’ questions: who is causing the attack, when the attack occurred, how the attack was executed, from where the attack originated, and what type of attack was carried out. The results demonstrate that our approach is highly effective not only at detecting security threats but also at profiling them, which allows for the development of specific and effective countermeasures. This methodology significantly enhances the ability to anticipate and mitigate a wide range of attack vectors, strengthening overall cybersecurity resilience.


Paper Citation


in Harvard Style

Majumdar K., Kumar N., Handa A. and Shukla S. (2025). Attackers’ Profiling Based on Multi-Attack Patterns in SSH Service. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 150-159. DOI: 10.5220/0013118900003899


in Bibtex Style

@conference{icissp25,
author={Kriti Majumdar and Nitesh Kumar and Anand Handa and Sandeep Shukla},
title={Attackers’ Profiling Based on Multi-Attack Patterns in SSH Service},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP},
year={2025},
pages={150-159},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013118900003899},
isbn={978-989-758-735-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP
TI - Attackers’ Profiling Based on Multi-Attack Patterns in SSH Service
SN - 978-989-758-735-1
AU - Majumdar K.
AU - Kumar N.
AU - Handa A.
AU - Shukla S.
PY - 2025
SP - 150
EP - 159
DO - 10.5220/0013118900003899
PB - SciTePress