Key concepts
This research project focuses on predicting the presence and location of SSH keys within OpenSSH memory dumps using machine learning and deep learning models, in order to enhance protective measures against illicit access and enable the development of advanced security frameworks or tools like honeypots.
Summary
The digital age has brought an unprecedented increase in the volume and complexity of sensitive data, making cybersecurity a critical focus area. The Secure Shell (SSH) protocol and its most widely deployed implementation, OpenSSH, are used for secure remote access, file transfer and encrypted tunnels. However, the same encryption also hides malicious activity: attackers who obtain SSH keys can use them to infiltrate systems over traffic that looks like ordinary administration.
This master's thesis addresses that challenge by developing methods to predict the presence and location of SSH keys within OpenSSH memory dumps. It builds on previous key-extraction work such as SSHkex and SmartKex, and explores machine learning and deep learning models, as well as graph-based memory modelling, to improve the accuracy and effectiveness of SSH key detection.
The key aspects of the research include:
Exploration and analysis of the OpenSSH memory dump dataset, including data cleaning, pattern detection, and understanding of the underlying data structures.
Development of graph-based memory representations and various embedding techniques to capture the relevant features for model training.
Evaluation of classic machine learning models, such as Logistic Regression, Random Forest, and SGD Classifier, as well as more advanced Graph Convolutional Network (GCN) models for binary classification of SSH key presence.
Comparison of the performance of different models and embedding strategies to identify the most effective approaches for SSH key prediction.
The goal is to provide enhanced protective measures against illicit access and enable the development of advanced security frameworks or tools, such as honeypots, to monitor and detect potential malicious activities that leverage SSH.
Statistics
The research utilizes a dataset of OpenSSH memory dumps, which includes raw binary files and corresponding JSON annotations indicating the presence and location of SSH keys.
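The pipeline sketched in the key-aspects list above (slice a dump into windows, label each window from the annotation, extract features, train a linear classifier, compare its predictions against the annotated key locations) can be shown end to end on constructed data. The following Python is an added example, not the thesis's own code or dataset: the dump contents, the 16-byte window size, the feature set and the JSON annotation schema (`keys` entries with `name`, `offset`, `length`) are all assumptions, and the logistic regression is written from scratch so the script runs on the standard library alone.

```python
"""Window-level SSH key detection in a memory dump (added illustration).

This is an added example, not the thesis's code or dataset. It builds a
constructed dump (pointer-like filler with two planted random keys) and a
constructed JSON annotation, slices the dump into fixed-size windows, labels
each window from the annotation, extracts byte-statistics features and trains
a logistic-regression classifier from scratch (standard library only).
"""
import json
import math
import random
import struct

WINDOW = 16      # window size in bytes (constructed choice)
KEY_LEN = 32     # 256-bit key, the size of an AES-256 session key


def build_sample_dump(seed=7):
    """Return (dump_bytes, annotation_json). Constructed data, not real OpenSSH memory."""
    rng = random.Random(seed)
    dump = bytearray()
    for i in range(128):                        # 128 * 8 = 1024 bytes of filler
        # low-entropy filler resembling little-endian userland pointers
        dump += struct.pack("<Q", 0x00007F3A1C000000 + 0x40 * i)
    annotation = {"keys": []}                   # made-up annotation schema
    for name, offset in (("KEY_A", 256), ("KEY_B", 640)):
        dump[offset:offset + KEY_LEN] = bytes(rng.randrange(256) for _ in range(KEY_LEN))
        annotation["keys"].append({"name": name, "offset": offset, "length": KEY_LEN})
    return bytes(dump), json.dumps(annotation)


def label_windows(dump, annotation_json, window=WINDOW):
    """1 if a window overlaps any annotated key range, else 0 (binary label)."""
    ranges = [(k["offset"], k["offset"] + k["length"])
              for k in json.loads(annotation_json)["keys"]]
    labels = []
    for start in range(0, len(dump), window):
        end = start + window
        labels.append(int(any(start < ke and end > ks for ks, ke in ranges)))
    return labels


def window_features(chunk):
    """[Shannon entropy in bits, number of distinct byte values, fraction of zero bytes]."""
    counts = [0] * 256
    for b in chunk:
        counts[b] += 1
    n = len(chunk)
    entropy = -sum(c / n * math.log2(c / n) for c in counts if c)
    distinct = sum(1 for c in counts if c)
    return [entropy, distinct, counts[0] / n]


def featurize(dump, window=WINDOW):
    return [window_features(dump[s:s + window]) for s in range(0, len(dump), window)]


class LogisticRegression:
    """Full-batch gradient descent on z-scored features; no external libraries."""

    def __init__(self, lr=0.1, epochs=3000):
        self.lr, self.epochs = lr, epochs

    @staticmethod
    def _sigmoid(x):
        # numerically stable in both tails
        return 1.0 / (1.0 + math.exp(-x)) if x >= 0 else math.exp(x) / (1.0 + math.exp(x))

    def _scale(self, row):
        return [(v - m) / s for v, m, s in zip(row, self.mean, self.std)]

    def fit(self, X, y):
        n, d = len(X), len(X[0])
        self.mean = [sum(r[j] for r in X) / n for j in range(d)]
        self.std = [max(1e-9, math.sqrt(sum((r[j] - self.mean[j]) ** 2 for r in X) / n))
                    for j in range(d)]
        Z = [self._scale(r) for r in X]
        self.w, self.b = [0.0] * d, 0.0
        for _ in range(self.epochs):
            gw, gb = [0.0] * d, 0.0
            for z, t in zip(Z, y):
                err = self._sigmoid(sum(wj * zj for wj, zj in zip(self.w, z)) + self.b) - t
                gw = [g + err * zj for g, zj in zip(gw, z)]
                gb += err
            self.w = [wj - self.lr * g / n for wj, g in zip(self.w, gw)]
            self.b -= self.lr * gb / n
        return self

    def predict_proba(self, X):
        return [self._sigmoid(sum(wj * zj for wj, zj in zip(self.w, self._scale(r))) + self.b)
                for r in X]


def predict_key_regions(model, dump, window=WINDOW, threshold=0.5):
    """Merge consecutive positive windows into predicted [start, end) byte ranges."""
    probs = model.predict_proba(featurize(dump, window))
    regions, start = [], None
    for i, p in enumerate(probs):
        if p >= threshold and start is None:
            start = i * window
        elif p < threshold and start is not None:
            regions.append((start, i * window))
            start = None
    if start is not None:
        regions.append((start, len(dump)))
    return regions


def demo():
    dump, annotation = build_sample_dump()
    model = LogisticRegression().fit(featurize(dump), label_windows(dump, annotation))
    return predict_key_regions(model, dump)


if __name__ == "__main__":
    print(demo())
```

Running it trains on every window of the constructed dump and prints `[(256, 288), (640, 672)]`, the two planted key ranges. On a real dump the practitioner's checks differ in two ways: split by dump rather than by window, so a key and its neighbouring windows never straddle the training and test sets, and report per-key recall rather than per-window accuracy, because keys are a tiny minority of windows (4 of 64 here) and a constant "no key" classifier would already score 94 %.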
Quotations
"As the digital landscape evolves, cybersecurity has become an indispensable focus of IT systems."
"SSH veils its communications through encryption, making it difficult to detect malicious activities."