<p>Many of the attacks on computing clusters and grids have been performed by using stolen authentication passwords and unprotected SSH keys, therefore there is a need for a system that can detect intruders masquerading as ordinary users. Our assumption is that an attacker behaves significantly different compared to an ordinary user. Previous work in this area is for example statistical analysis of process accounting using Support Vector Machines. We can formalize this into a classification problem that we will solve with Self-organizing maps. The proposed system will work in a tier model that uses process accounting and SSH log messages as data sources.</p>
| Identifer | oai:union.ndltd.org:UPSALLA/oai:DiVA.org:liu-6818 |
| Date | January 2006 |
| Creators | Leufvén, Claes |
| Publisher | Linköping University, Department of Electrical Engineering, Institutionen för systemteknik |
| Source Sets | DiVA Archive at Upsalla University |
| Language | English |
| Detected Language | English |
| Type | Student thesis, text |
Page generated in 0.0022 seconds