Analyzing Break-In Attempts Across Multiple Servers using Apache Spark


Exploring cyber attacks on West Chester University's servers by analyzing security logs from five online servers using Apache Spark for large-scale data analysis. Uncovering attack types, frequency patterns, and sources to enhance security measures. Discover insights on break-in attempts and potential vulnerabilities for improved server protection.


Uploaded on Oct 09, 2024



Presentation Transcript


  1. STUDYING BREAK-IN ATTEMPTS ACROSS MULTIPLE SERVERS USING APACHE SPARK AND SECURITY LOGS Tyler Clark & Kevin Codd

  2. Introduction. We sought to better understand cyber attacks on West Chester University's servers: the types, frequency patterns, and sources of attacks. Most information related to cyber attacks is recorded in Linux system logs. We analyzed the system logs of the WCU CSC Department's five online servers, using Spark, a large-scale data analytics engine, to conduct the analysis.

  3. Apache Spark. A unified analytics engine for large-scale data. It can run unified compute jobs on distributed data sets, works on the MapReduce programming model, and allows for future scaling of our security log data.

  4. Servers.
  Bones: the web server for faculty and other department-related web pages.
  Roadrunner: the web server for non-CS students to host pages for web development and design courses in the Information Technology program.
  Submitty: hosts the Submitty autograding server for several CSC courses.
  Coyote: available to CSC students for courses requiring a Linux environment. Has become obsolete and unused over the past few years but remains online as a potential backup solution for Taz.
  Taz: available to CSC students for courses requiring a Linux environment.

  5. Structure of a Log. Fields: Date, Time, Server, Process, Message. Example record as a (key, value) pair, with key = ((Date), Process, Server):
  (((Jan, 24), sshd[18558]:, submitty), Failed password for invalid user basesystem from 206.189.173.15 port 44942 ssh2)

  6. Cleaning Logs. Extract User, IP, and Port from the message pattern:
  Failed password for invalid user [User] from [IP] port [Port] ssh2

  7. The Result. From 5 million to 474. More observable. Room for improvement.

  8. Attempted Means of Access.
  SSH (Secure Shell): a cryptographic protocol for remote login to a server and the primary means of access for legitimate users. The Linux SSH process (sshd) handles incoming connections and user authentication via the SSH protocol. 4.9 million messages (97%): the vast majority of break-in attempts.
  Pure-FTP and vsftp (File Transfer Protocol): a means of transferring files to/from the server. 4372 messages (<0.1%). Included messages indicative of attacks attempting to identify whether the servers have FTP up and unprotected.

  9. Types of Attacks.
  Standard Authentication Errors: the servers are set up for authentication via password, so most authentication errors stem from a failed password, and also from an invalid username.
  Injection Attack: an attempt to run malicious code through user-submitted strings. A string of hexadecimal values, possibly representing malicious code that could run if executed from memory; the exact intent is difficult to determine.

  10. Types of Attacks. Evidence of Use of a Username Dictionary: users (most likely bots) were attempting to change their usernames during authentication.

  11. Types of Attacks.
  Attempts to Use Older SSH Versions: attackers were checking whether the server was running an older version of SSH, most likely to use an exploit that was patched out in later versions.
  File Transfer Protocol Attacks: attempts to access the server via FTP as the anonymous user.

  12. What We Considered an Attack. Our definition: when an SSH connection fails, either with a failed password or with an invalid username.

  13. Grouping Messages. Key: (Date, Process, Server). Value: Message.
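The parsing, cleaning, attack definition and grouping from slides 5, 6, 12 and 13, carried through as an added example that is not the authors' Spark job: plain Python over a handful of constructed syslog lines, with the same functions a PySpark job would hand to map() and reduceByKey(). It assumes the standard syslog layout "Mon DD HH:MM:SS host process[pid]: message", which the slides do not state, and the sample addresses and PIDs are made up.

```python
import re
from collections import Counter
# Syslog layout assumed here: "Mon DD HH:MM:SS host process[pid]: message" (an assumption, not stated on the slides)
SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<server>\S+) (?P<process>[A-Za-z_-]+)(?:\[\d+\])?: (?P<message>.*)$"
)
# The sshd message shape from the cleaning slide; "invalid user " is optional so valid-user failures match too
FAILED_RE = re.compile(r"^Failed password for (?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")

# Constructed sample lines in that layout (TEST-NET addresses, made-up PIDs); not real WCU log data
SAMPLE_LOGS = [
    "Jan 24 03:14:09 submitty sshd[18558]: Failed password for invalid user basesystem from 203.0.113.15 port 44942 ssh2",
    "Jan 24 03:15:01 taz sshd[2201]: Failed password for root from 203.0.113.77 port 51002 ssh2",
    "Jan 24 03:15:02 taz sshd[2203]: Accepted publickey for alice from 198.51.100.4 port 40012 ssh2",
    "Jan 25 10:02:11 bones sshd[911]: Failed password for invalid user admin from 203.0.113.15 port 60111 ssh2",
    "Jan 25 10:02:12 bones cron[40]: (root) CMD (run-parts /etc/cron.hourly)",
]

def parse_line(line):
    """Split a raw line into the slide's fields (date, time, server, process, message); None if it does not fit."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["date"] = (rec.pop("mon"), int(rec.pop("day")))
    return rec

def classify(message):
    """Return (kind, user, ip, port) for a failed SSH login message, else None (fields as on the cleaning slide)."""
    m = FAILED_RE.match(message)
    if not m:
        return None
    kind = "invalid_user" if m["invalid"] else "failed_password"
    return (kind, m["user"], m["ip"], int(m["port"]))

def is_attack(rec):
    """Slide 12's definition: an sshd record whose message is a failed password or an invalid username."""
    return rec["process"] == "sshd" and classify(rec["message"]) is not None

def group_attacks(lines):
    """Map each attack to the slide 13 key (date, process, server) and reduce by counting."""
    recs = [r for r in map(parse_line, lines) if r and is_attack(r)]
    return Counter((r["date"], r["process"], r["server"]) for r in recs)

def top_sources(lines, n=3):
    """Count attack attempts per source IP, the input a countries-of-origin lookup would start from."""
    recs = [r for r in map(parse_line, lines) if r and is_attack(r)]
    return Counter(classify(r["message"])[2] for r in recs).most_common(n)
```

Successful logins and non-sshd lines fall out at is_attack(), so only the failures the slides define as attacks reach the (date, process, server) counts.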

  14. Countries of Origin

  15. Conclusions. We gained a new awareness of the types, frequency, and origins of attacks on our department's servers, and we established a scalable framework for future analysis.
