Distribution of Invalid Users on an SSH Server

Rasmus Kai; Kokkonen Tero; Hämäläinen Timo

doi:10.1007/978-3-031-60227-6_12

dc.contributor.author	Rasmus Kai
dc.contributor.author	Kokkonen Tero
dc.contributor.author	Hämäläinen Timo
dc.contributor.editor	Rocha, Álvaro
dc.contributor.editor	Adeli, Hojjat
dc.contributor.editor	Dzemyda, Gintautas
dc.contributor.editor	Moreira, Fernando
dc.contributor.editor	Poniszewska-Marańda, Aneta
dc.date.accessioned	2024-06-06T06:25:50Z
dc.date.available	2024-06-06T06:25:50Z
dc.date.issued	2024
dc.identifier.citation	Rasmus Kai, Kokkonen Tero, Hämäläinen Timo. (2024). Distribution of Invalid Users on an SSH Server. In Á. Rocha, H. Adeli, G. Dzemyda, F. Moreira, & A. Poniszewska-Marańda (Eds.), <i>WorldCIST 2024 : Good Practices and New Perspectives in Information Systems and Technologies</i> (985, pp. 139-151). Springer. Lecture Notes in Networks and Systems. <a href="https://doi.org/10.1007/978-3-031-60227-6_12" target="_blank">https://doi.org/10.1007/978-3-031-60227-6_12</a>
dc.identifier.other	CONVID_213737577
dc.identifier.uri	https://jyx.jyu.fi/handle/123456789/95573
dc.description.abstract	The Secure Shell (SSH) server on a Unix-like system is a viable way for users to login and execute programs on the system remotely. Remote access is something that hackers also want to achieve, making SSH servers a target for attack. A quantitative study was made of the distribution of usernames and IP addresses in failed login usernames on a publicly available SSH server. The failed logins and IP addresses were ranked according to the number of occurrences producing a distribution. The results indicated that the elements followed approximately a distribution with an inverse relationship with the rank of the element similar to what is known as the Zipf’s Law. An important consequence of the Zipf’s law is that 20% of elements are responsible for 80% of consequences, which means that by blocking 20% of the failed login usernames or IP addresses, 80% or more of the failed logins are also blocked. This was found to be true for a real-world scenario. Some topics were identified for further research.	en
dc.format.extent	228
dc.format.mimetype	application/pdf
dc.language.iso	eng
dc.publisher	Springer
dc.relation.ispartof	WorldCIST 2024 : Good Practices and New Perspectives in Information Systems and Technologies
dc.relation.ispartofseries	Lecture Notes in Networks and Systems
dc.rights	In Copyright
dc.title	Distribution of Invalid Users on an SSH Server
dc.type	conference paper
dc.identifier.urn	URN:NBN:fi:jyu-202406064333
dc.contributor.laitos	Informaatioteknologian tiedekunta	fi
dc.contributor.laitos	Faculty of Information Technology	en
dc.type.uri	http://purl.org/eprint/type/ConferencePaper
dc.relation.isbn	978-3-031-60226-9
dc.type.coar	http://purl.org/coar/resource_type/c_5794
dc.description.reviewstatus	peerReviewed
dc.format.pagerange	139-151
dc.relation.issn	2367-3370
dc.relation.volume	985
dc.type.version	acceptedVersion
dc.rights.copyright	© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
dc.rights.accesslevel	embargoedAccess	fi
dc.type.publication	conferenceObject
dc.relation.conference	World Conference on Information Systems and Technologies
dc.subject.yso	hakkerit
dc.subject.yso	tietoverkot
dc.subject.yso	etäkäyttö
dc.format.content	fulltext
jyx.subject.uri	http://www.yso.fi/onto/yso/p22619
jyx.subject.uri	http://www.yso.fi/onto/yso/p12936
jyx.subject.uri	http://www.yso.fi/onto/yso/p20557
dc.rights.url	http://rightsstatements.org/page/InC/1.0/?language=en
dc.relation.doi	10.1007/978-3-031-60227-6_12
jyx.fundinginformation	This research was partially funded by the Resilience of Modern Value Chains in a Sustainable Energy System project, co-funded by the European Union and the Regional Council of Central Finland (grant number J10052).
dc.type.okm	A4