{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T17:45:47Z","timestamp":1740159947309,"version":"3.37.3"},"reference-count":41,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2021,1,2]],"date-time":"2021-01-02T00:00:00Z","timestamp":1609545600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,2]],"date-time":"2021-01-02T00:00:00Z","timestamp":1609545600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Evolving Systems"],"published-print":{"date-parts":[[2022,2]]},"DOI":"10.1007\/s12530-020-09360-3","type":"journal-article","created":{"date-parts":[[2021,1,2]],"date-time":"2021-01-02T23:02:40Z","timestamp":1609628560000},"page":"1-15","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Detection of stealthy single-source SSH password guessing attacks"],"prefix":"10.1007","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2346-9605","authenticated-orcid":false,"given":"Gokul Kannan","family":"Sadasivam","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chittaranjan","family":"Hota","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anand","family":"Bhojan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,1,2]]},"reference":[{"key":"9360_CR1","doi-asserted-by":"publisher","unstructured":"Abdou A, Barrera D, van Oorschot PC (2016) What Lies Beneath? Analyzing Automated SSH Bruteforce Attacks, vol 9551, Springer International Publishing, chap 6, pp 72\u201391. https:\/\/doi.org\/10.1007\/978-3-319-29938-9_6","DOI":"10.1007\/978-3-319-29938-9_6"},{"key":"9360_CR2","unstructured":"Alata E (2007) Observation, characterization and modeling of attack processes on the internet. PhD thesis, INSA of Toulouse, URL https:\/\/tel.archives-ouvertes.fr\/tel-00280126\/file\/THESE_ERIC_ALATA_TSF.pdf"},{"key":"9360_CR3","unstructured":"Antonakakis M, April T, Bailey M, Bernhard M, Bursztein E, Cochran J, Durumeric Z, Halderman JA, Invernizzi L, Kallitsis M, Kumar D, Lever C, Ma Z, Mason J, Menscher D, Seaman C, Sullivan N, Thomas K, Zhou Y (2017) Understanding the mirai botnet. In: 26th USENIX Security Symposium (USENIX Security 17), USENIX Association, Vancouver, BC, pp 1093\u20131110, URL https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/antonakakis"},{"key":"9360_CR4","unstructured":"Bezut R, Bernet-Rollande V (2010) Study of dictionary attacks on ssh. Tech. rep., Universite de Technologie Compiegne, Compiegne, France, URL https:\/\/files.xdec.net\/TX_EN_Bezut_Bernet-Rollande_BruteForce_SSH.pdf"},{"key":"9360_CR5","doi-asserted-by":"publisher","unstructured":"Choi H, Lee H, Kim H (2009) Fast detection and visualization of network attacks on parallel coordinates. Comput Security 28(5):276\u2013288. https:\/\/doi.org\/10.1016\/j.cose.2008.12.003, URL http:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404808001363","DOI":"10.1016\/j.cose.2008.12.003"},{"key":"9360_CR6","unstructured":"Chopde A (2005) Blockhosts. URL https:\/\/www.aczoom.com\/tools\/blockhosts\/blockhosts.html"},{"key":"9360_CR7","doi-asserted-by":"publisher","unstructured":"Conti G, Abdullah K (2004) Passive visual fingerprinting of network attack tools. In: Proceedings of the CCS Workshop on Visualization and Data Mining for Computer Security, ACM, New York, NY, USA, VizSEC\/DMSEC \u201904, pp 45\u201354, https:\/\/doi.org\/10.1145\/1029208.1029216","DOI":"10.1145\/1029208.1029216"},{"key":"9360_CR8","unstructured":"Davenport S (2013) Slow brute force attack. URL https:\/\/github.blog\/2013-11-20-weak-passwords-brute-forced\/"},{"key":"9360_CR9","unstructured":"Dunn JE (2018) Poorly secured ssh servers targeted by chalubo botnet. URL https:\/\/nakedsecurity.sophos.com\/2018\/10\/24\/poorly-secured-ssh-servers-targeted-by-chalubo-botnet\/"},{"key":"9360_CR10","unstructured":"ESET, Malik M (2017) Linux shishiga malware using lua scripts. URL https:\/\/www.welivesecurity.com\/2017\/04\/25\/linux-shishiga-malware-using-lua-scripts"},{"key":"9360_CR11","unstructured":"Gamblin J (2017) Source code of mirai botnet. URL https:\/\/github.com\/jgamblin\/Mirai-Source-Code"},{"key":"9360_CR12","unstructured":"Gerzo D (2005) bruteforceblocker. URL http:\/\/danger.rulez.sk\/projects\/bruteforceblocker\/"},{"key":"9360_CR13","doi-asserted-by":"publisher","unstructured":"Ghourabi A, Abbes T, Bouhoula A (2014) Behavior Analysis of Web Service Attacks, vol 428, Springer, Berlin, Heidelberg, pp 366\u2013379. https:\/\/doi.org\/10.1007\/978-3-642-55415-5_31","DOI":"10.1007\/978-3-642-55415-5_31"},{"key":"9360_CR14","unstructured":"Goldberg D, Ziv O (2018) Bread and butter attacks. URL https:\/\/www.guardicore.com\/2018\/11\/butter-brute-force-ssh-attack-tool-evolution"},{"key":"9360_CR15","unstructured":"Hansteen P (2008a) The hail mary cloud and the lessons learned. URL https:\/\/home.nuug.no\/~peter\/hailmary2013\/thenumbers.html"},{"key":"9360_CR16","unstructured":"Hansteen P (2008b) A low intensity, distributed bruteforce attempt. URL http:\/\/bsdly.blogspot.in\/2008\/12\/low-intensity-distributed-bruteforce.html"},{"issue":"4","key":"9360_CR17","doi-asserted-by":"publisher","first-page":"279","DOI":"10.7763\/JACN.2014.V2.126","volume":"2","author":"S Honda","year":"2014","unstructured":"Honda S, Takenaka M, Unno Y, Maruhashi K, Torii S (2014) Detection of novel-type brute force attacks used ephemeral springboard ips as camouflage. J Adv Comput Netw 2(4):279\u2013286. https:\/\/doi.org\/10.7763\/JACN.2014.V2.126","journal-title":"J Adv Comput Netw"},{"key":"9360_CR18","unstructured":"Jaquier C (2015) Fail2ban. URL http:\/\/www.fail2ban.org"},{"key":"9360_CR19","doi-asserted-by":"publisher","unstructured":"Javed M, Paxson V (2013) Detecting stealthy, distributed ssh brute-forcing. In: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, ACM, New York, NY, USA, CCS \u201913, pp 85\u201396, https:\/\/doi.org\/10.1145\/2508859.2516719","DOI":"10.1145\/2508859.2516719"},{"key":"9360_CR20","unstructured":"Kalnai P, Malik M (2016) New linux\/rakos threat: devices and servers under ssh scan (again). URL https:\/\/www.welivesecurity.com\/2016\/12\/20\/new-linuxrakos-threat-devices-servers-ssh-scan\/"},{"key":"9360_CR21","unstructured":"MacTane K (2009) Sshblock. URL http:\/\/kagan.mactane.org\/software\/sshblock"},{"key":"9360_CR22","unstructured":"Malecot EL, Hori Y, Sakurai K, Ryou JC, Lee H (2008) (visually) tracking distributed ssh brute force attacks? In: Proceedings of the 3rd international joint workshop on information security and its applications (IJWISA 2008), pp 1\u20138"},{"key":"9360_CR23","unstructured":"Mazzucchi M, Jones, Zheng K (2017) Sshguard. URL https:\/\/www.sshguard.net"},{"issue":"2","key":"9360_CR24","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/s11416-010-0144-2","volume":"7","author":"V Nicomette","year":"2011","unstructured":"Nicomette V, Ka\u00e2niche M, Alata E, Herrb M (2011) Set-up and deployment of a high-interaction honeypot: experiment and lessons learned. J Comput Virol 7(2):143\u2013157. https:\/\/doi.org\/10.1007\/s11416-010-0144-2","journal-title":"J Comput Virol"},{"key":"9360_CR25","unstructured":"P-N Tan, Steinbach M, Kumar V (2019) DBSCAN\u201d, in Introduction to Data Mining, 7th edn, Pearson India Education Services Pvt. Ltd., India, chap\u00a08, pp 518\u2013524"},{"key":"9360_CR26","unstructured":"P-N Tan, Steinbach M, Kumar V (2019) \u201cIssues in Proximity Calculation\u201d. In: Introduction to data mining, 7th edn, Pearson India Education Services Pvt. Ltd., India, chap 2, p 83"},{"key":"9360_CR27","unstructured":"P-N Tan, Steinbach M, Kumar V (2019) \u201cMissing values\u201d. In: Introduction to data mining, 7th edn, Pearson India Education Services Pvt. Ltd., India, chap 2, pp 40\u201341"},{"key":"9360_CR28","unstructured":"Pouget F, Dacier M (2004) Honeypot-based forensics. In: In AusCERT Asia Pacific information technology security conference 2004 (AusCERT2004, Brisbane, AUSTRALIA, URL http:\/\/www.eurecom.fr\/publication\/1417"},{"key":"9360_CR29","unstructured":"Rash M (2010) A new ssh password guessing botnet. URL http:\/\/cipherdyne.org\/blog\/2010\/08\/a-new-ssh-password-guessing-botnet-dd_ssh.html"},{"key":"9360_CR30","unstructured":"RGregory (2010) sshdfilter. URL http:\/\/abatis.org.uk\/sshdfilter\/"},{"key":"9360_CR001","doi-asserted-by":"publisher","unstructured":"Sadasivam GK, Hota C (2015) Scalable honeypot architecture for identifying malicious network activities. In: Emerging information\ntechnology and engineering solutions (EITES), 2015 international conference on, Pune, India, pp 27\u201331. https:\/\/doi.org\/10.1109\/EITES.2015.15","DOI":"10.1109\/EITES.2015.15"},{"issue":"2","key":"9360_CR31","doi-asserted-by":"publisher","first-page":"217","DOI":"10.2197\/ipsjjip.24.217","volume":"24","author":"S Saito","year":"2016","unstructured":"Saito S, Maruhashi K, Takenaka M, Torii S (2016) Topase: detection and prevention of brute force attacks with disciplined ips from ids logs. J Inform Process 24(2):217\u2013226. https:\/\/doi.org\/10.2197\/ipsjjip.24.217","journal-title":"J Inform Process"},{"key":"9360_CR32","unstructured":"Schwartz P (2008) Denyhosts. URL http:\/\/www.denyhosts.net"},{"key":"9360_CR33","unstructured":"Scikit-learn (2018) Clustering performance evaluation. URL https:\/\/scikit-learn.org\/0.20\/modules\/clustering.html#clustering-performance-evaluation"},{"key":"9360_CR34","doi-asserted-by":"publisher","unstructured":"Sqalli MH, Firdous SN, Salah K, Abu-Amara M (2013) Classifying malicious activities in honeynets using entropy and volume-based thresholds. Security Commun Netw 6(5):567\u2013583. https:\/\/doi.org\/10.1002\/SEC.575, URL https:\/\/onlinelibrary.wiley.com\/doi\/abs\/10.1002\/sec.575","DOI":"10.1002\/SEC.575"},{"key":"9360_CR35","doi-asserted-by":"publisher","unstructured":"Thonnard O, Dacier M (2008) A framework for attack patterns\u2019 discovery in honeynet data. Digital Investigation 5:S128\u2013S139, https:\/\/doi.org\/10.1016\/J.DIIN.2008.05.012, URL http:\/\/www.sciencedirect.com\/science\/article\/pii\/S1742287608000431, the Proceedings of the Eighth Annual DFRWS Conference","DOI":"10.1016\/J.DIIN.2008.05.012"},{"key":"9360_CR36","unstructured":"Wikipedia (2018) Entropy. URL https:\/\/en.wikipedia.org\/wiki\/Entropy_(information_theory)"},{"key":"9360_CR37","doi-asserted-by":"crossref","unstructured":"Ylonen T, Lonvick C (2006a) The secure shell (ssh) authentication protocol. RFC 4252, RFC Editor, URL http:\/\/www.rfc-editor.org\/rfc\/rfc4252.txt","DOI":"10.17487\/rfc4252"},{"key":"9360_CR38","doi-asserted-by":"crossref","unstructured":"Ylonen T, Lonvick C (2006b) The secure shell (ssh) connection protocol. RFC 4254, RFC Editor, URL http:\/\/www.rfc-editor.org\/rfc\/rfc4254.txt","DOI":"10.17487\/rfc4254"},{"key":"9360_CR39","doi-asserted-by":"crossref","unstructured":"Ylonen T, Lonvick C (2006c) The secure shell (ssh) transport layer protocol. RFC 4253, RFC Editor, URL http:\/\/www.rfc-editor.org\/rfc\/rfc4253.txt","DOI":"10.17487\/rfc4253"},{"key":"9360_CR40","doi-asserted-by":"publisher","unstructured":"Zhu Y, Zheng WX (2019) Observer-based control for cyber-physical systems with periodic dos attacks via a cyclic switching strategy. IEEE Transactions on Automatic Control pp 1\u20131, https:\/\/doi.org\/10.1109\/TAC.2019.2953210","DOI":"10.1109\/TAC.2019.2953210"}],"container-title":["Evolving Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12530-020-09360-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s12530-020-09360-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12530-020-09360-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,2,7]],"date-time":"2022-02-07T10:17:35Z","timestamp":1644229055000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s12530-020-09360-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,1,2]]},"references-count":41,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,2]]}},"alternative-id":["9360"],"URL":"https:\/\/doi.org\/10.1007\/s12530-020-09360-3","relation":{},"ISSN":["1868-6478","1868-6486"],"issn-type":[{"type":"print","value":"1868-6478"},{"type":"electronic","value":"1868-6486"}],"subject":[],"published":{"date-parts":[[2021,1,2]]},"assertion":[{"value":"12 February 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 November 2020","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 January 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Compliance with ethical standards"}},{"value":"Not applicable","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"Not applicable","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Funding"}},{"value":".","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Code availability"}}]}}