Comparing FTP and SSH Password Brute Force Attack Detection using k-Nearest Neighbour (k-NN) and Decision Tree in Cloud Computing

Abstract

Cloud computing represents a new epoch in computing. From huge enterprises to individual use, cloud computing always provides an answer. Therefore, cloud computing must be readily accessible and scalable, and customers must pay only for the resources they consume rather than for the entire infrastructure. With such conveniences, come with their own threat especially brute force attacks since the resources are available publicly online for the whole world to see. In a brute force attack, the attacker attempts every possible combination of username and password to obtain access to the system. This study aims to examine the performance of the k-Nearest Neighbours (k-NN) and Decision Tree algorithms by contrasting their precision, recall, and F1 score. This research makes use of the CICIDS2017 dataset, which is a labelled dataset produced by the Canada Institute for Cybersecurity. A signature for the brute force attack is utilised with an Intrusion Detection System (IDS) to detect the attack. This strategy, however, is ineffective when a network is being attacked by a novel or unknown attack or signature. At the conclusion of the study, the performance of both algorithms is evaluated by comparing their precision, recall, and f1 score. The results show that Decision Tree performs slightly better than k-NN at classifying FTP and SSH attacks.