iBusiness, 2011, 3, 65-70
doi:10.4236/ib.2011.31011 Published Online March 2011 (http://www.SciRP.org/journal/ib)
Copyright © 2011 SciRes. iB

Developing the Upgrade Detection and Defense System of SSH Dictionary-Attack for Multi-Platform Environment

Yen-Ning Su 1, Guang-Han Chung 2, Benjamin Jenghorng Wu 3

1 Department of Engineering Science, National Cheng Kung University, Taiwan, China; 2 Department of Leisure and Information Management, Taiwan Shoufu University, Taiwan, China; 3 Institution of Technology Development and Communication, National University of Tainan, Taiwan, China.
Email: 1 yenning@mail.tn.edu.tw; 2 guanghan999@hotmail.com; 3 whiteben0222@gmail.com

Received November 14th, 2010; revised December 29th, 2010; accepted January 8th, 2011.

ABSTRACT

Based on an improved algorithm for analyzing logs and on the detection and defense system of SSH Dictionary-Attack for Multi-Platform Environment (Su, Chen, Chung & Wu), we developed the upgrade detection and defense system of SSH Dictionary-Attack for Multi-Platform Environment. In this study, we introduced the current threats and the types of SSH Dictionary-Attack. Then, we explained the functions of, and the differences between, the current defense software and defense types for SSH Dictionary-Attack, and described the current system of SSH Dictionary-Attack for Multi-Platform Environment. Moreover, building on the study of Su, Chen, Chung and Wu, we improved the log-analysis algorithm in order to increase the defense capability against SSH Dictionary-Attack. After that, we designed the upgrade detection and defense system of SSH Dictionary-Attack for Multi-Platform Environment. The contribution of this study is an upgraded detection and defense system of SSH Dictionary-Attack that keeps the functions of the original system while improving the effectiveness of the log-analysis algorithm.
Keywords: SSH Dictionary Attack, An Improved Algorithm for Analyzing Log, Multi-Platform Environment

1. Introduction

The internet grew rapidly, and operating server software became easy. Public, private, and academic organizations could simply build a website to serve the public and give people easy access to information.

However, how to ensure the safety of the server became a major issue for server designers. Simson Garfinkel and Gene Spafford pointed out that many online-safety incidents had occurred in recent years, for example accounts being invaded, pin numbers being stolen and so on [1]. Those problems caused a great deal of damage that was hard to value. According to the annual report of the Government Accountability Office (in 2009), there were seven major elements of network security, such as network analysis and early warning capacity [2]. In addition, other related studies and SANS indicated that attacks on remote network servers mostly focused on SSH, FTP, Telnet and Web, especially attacks on SSH, FTP and Telnet servers through brute-force pin number guessing [3-5]. Hence, if website administrators focused on web safety, paid attention to the network connection status, and designed a warning system for network attacks, the safety of the servers would increase.

In controlling server safety, the password system was the first line of defense [6,7]. Generally, most servers used an account and a password as the tool for access control. With those tools, administrators could control which users accessed the system. However, if intruders could break the password system, the server would have no safety at all. The study of Su and Chen found that the password system was the most widely used. It was therefore important to ensure the safety of the password system in order to increase the security of the web system [7].
SSH Dictionary-Attack is defined as the way intruders attack SSH servers by guessing combinations of numbers in order to obtain the pin number needed to access the target accounts. According to Xue’s study