Detection of SSH Brute Force Attacks Using Naïve Bayes Classification on Cowrie Honeypot Logs in a Virtualized Environment

Arya Adhari Prasetyo
Herianto
Yahya
Nur Syamsiyah

Abstract

The increasing number of brute force cyberattacks targeting SSH services highlights the urgent need for effective early detection and mitigation systems. This study aims to analyze brute force attack patterns using the Naïve Bayes classification algorithm based on log data generated by the Cowrie Honeypot. A simulated virtual environment was developed to emulate attack scenarios and generate authentic SSH log data while preserving real server confidentiality. The system architecture follows the CRISP-DM framework, including data preprocessing, model development, evaluation, and deployment. Evaluation using confusion matrix metrics showed that the Naïve Bayes algorithm successfully distinguished brute force attempts from normal traffic with high accuracy, precision, recall, and F1-score. The findings confirm the potential of combining Cowrie honeypot data with machine learning classifiers as an early warning tool for intrusion detection in enterprise network infrastructures.

How to Cite
Prasetyo, A. A., Herianto, Yahya, & Syamsiyah, N. (2025). Detection of SSH Brute Force Attacks Using Naïve Bayes Classification on Cowrie Honeypot Logs in a Virtualized Environment. Journal Technology Information and Data Analytic, 2(1), 62–65. https://doi.org/10.70491/tifda.v2i1.88