v3.0 - Masters Research Project

Intelligent SSH Security for Modern Enterprises

A lightweight, ML-powered SSH anomaly detection system designed specifically for Small and Medium Enterprises. Monitor threats, detect attacks, respond automatically.

96.9% Detection Accuracy
<30s Response Time
4 Threat Intel APIs
50+ ML Features

Quick Start:
git clone https://gitlab.com/sohell.ranaa/ssh-guardian.git

Features

Enterprise-Grade Security, SME-Friendly

Advanced threat detection capabilities without the complexity or cost of enterprise solutions.

ML-Powered Detection

Random Forest classifier with 50+ engineered features achieves 96.9% accuracy in detecting SSH attacks including brute force, credential stuffing, and advanced threats.

Real-Time Monitoring

Live event stream processing with instant threat classification. Monitor authentication events, track IP behavior, and visualize security trends in real-time.

Threat Intelligence

Integration with AbuseIPDB, VirusTotal, IPQualityScore, and Shodan. Automatic Tor exit node, VPN, and datacenter detection.

Automated Blocking

Intelligent rule-based and ML-driven blocking with UFW and Fail2ban integration. Configurable thresholds and automatic unblocking.

Analytics Dashboard

Comprehensive security analytics with trends, geographic visualization, risk scoring, and exportable reports. Mobile-responsive design.

Smart Notifications

Multi-channel alerts via Email and Telegram with customizable rules. Get notified of high-risk events, off-hours access, and anomalies.

Architecture

System Overview

A distributed architecture designed for scalability and real-time processing.

[Figure: SSH Guardian System Architecture]

How It Works

Simple Yet Powerful

Deploy in minutes, protect your servers 24/7 with intelligent automation.

1. Deploy Agent

Install the lightweight Python agent on your servers. It monitors auth.log for SSH events with minimal resource usage.

2. Analyze & Detect

The ML pipeline enriches events with threat intelligence, extracts features, and classifies threats in real time.

3. Respond & Protect

Automatic blocking of malicious IPs, instant notifications, and detailed analytics for security insights.
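
The first two steps above, sketched as an added example (not SSH Guardian's own code): it parses OpenSSH auth.log lines and aggregates a few per-IP features. The log lines are constructed, and the feature names, thresholds and should_block rule are hypothetical stand-ins for the project's 50+ features and Random Forest classifier.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH auth.log format (documentation IPs).
SAMPLE_LOG = """\
Jan 10 03:12:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 10 03:12:03 web01 sshd[2212]: Failed password for root from 203.0.113.7 port 51236 ssh2
Jan 10 03:12:05 web01 sshd[2213]: Failed password for invalid user oracle from 203.0.113.7 port 51240 ssh2
Jan 10 03:12:08 web01 sshd[2214]: Failed password for invalid user test from 203.0.113.7 port 51244 ssh2
Jan 10 03:12:09 web01 sshd[2215]: Failed password for root from 203.0.113.7 port 51250 ssh2
Jan 10 09:00:12 web01 sshd[3001]: Failed password for alice from 198.51.100.20 port 40022 ssh2
Jan 10 09:00:20 web01 sshd[3001]: Accepted password for alice from 198.51.100.20 port 40022 ssh2
Jan 10 09:05:00 web01 CRON[3100]: pam_unix(cron:session): session opened for user root
"""

AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def extract_features(log_text):
    """Aggregate per-source-IP counters from sshd authentication lines."""
    raw = defaultdict(lambda: {"failed": 0, "accepted": 0, "invalid": 0, "users": set()})
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue  # not an sshd authentication result line
        s = raw[m["ip"]]
        s["failed" if m["result"] == "Failed" else "accepted"] += 1
        s["invalid"] += bool(m["invalid"])  # username unknown to the server
        s["users"].add(m["user"])
    return {
        ip: {
            "failed": s["failed"],
            "accepted": s["accepted"],
            "invalid_users": s["invalid"],
            "distinct_users": len(s["users"]),
            "fail_ratio": s["failed"] / (s["failed"] + s["accepted"]),
        }
        for ip, s in raw.items()
    }

def should_block(f, max_failed=5, max_users=3):
    """Hypothetical threshold rule standing in for the classifier."""
    return f["failed"] >= max_failed and f["distinct_users"] >= max_users

if __name__ == "__main__":
    for ip, f in extract_features(SAMPLE_LOG).items():
        print(ip, f, "BLOCK" if should_block(f) else "allow")
```

Requiring both a failure count and several distinct usernames keeps a legitimate user who mistypes a password once (198.51.100.20 in the sample) out of the block list.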

Screenshots

See It In Action

Clean, intuitive interface designed for security professionals and SME administrators.

Security Dashboard

Real-time metrics, threat distribution, and event timeline

IP Intelligence

Geographic visualization and comprehensive IP reputation data

Trends & Reports

Historical analysis and exportable security reports

Telegram Alerts

Smart Notifications

Real-time Telegram alerts for security events and threats

Comparison

How We Compare

See how SSH Guardian stacks up against other SSH security solutions.

Feature SSH Guardian Fail2ban OSSEC CrowdSec
ML-Based Detection 96.9% Accuracy Basic
Threat Intelligence APIs 4 Sources Limited Community
Web Dashboard Full Analytics
Real-time Alerts Telegram + Email Email only
Geographic Analysis Interactive Maps
SME-Focused Designed for SMEs Complex
Setup Time ~10 minutes ~5 minutes Hours ~30 min
Cost Free & Open Source Free Free Free

Academic Research

Masters Thesis Project

This project is part of a Masters research thesis at Asia Pacific University.

Addressing SSH Security Challenges in Small and Medium Enterprises

A Lightweight Machine Learning-Integrated Security Framework designed to provide enterprise-grade SSH protection without the complexity and cost barriers that typically exclude SMEs from advanced security solutions.

Student: Md Sohel Rana (TP086217)
Institution: Asia Pacific University
Supervisor: Dr. K.C. Arun
Module: CT095-6-M RMCE

Research Methodology

Design Science Research with experimental validation on 600K+ synthetic attack scenarios

FAQ

Frequently Asked Questions

Common questions about SSH Guardian answered.

Is SSH Guardian free to use?
Yes! SSH Guardian is completely free and open source. You can use it for personal or commercial purposes. The threat intelligence APIs have free tiers that are sufficient for most SME use cases.

What are the system requirements?
Minimum: 2 CPU cores, 4GB RAM, 20GB storage. Recommended: 4+ cores, 8GB+ RAM, 50GB SSD. Requires Python 3.10+, MySQL 8.0+, and optionally Redis for caching.

How accurate is the ML detection?
The Random Forest classifier achieves 96.9% accuracy with a 3.1% false positive rate. It was trained on 100,000+ labeled SSH authentication events and uses 50+ engineered features.

Can I monitor multiple servers?
Absolutely! Install the lightweight agent on each server you want to monitor. All events are sent to the central dashboard where you can view and manage security across your entire infrastructure.

How fast is the threat response?
SSH Guardian processes events in real-time with an average response time under 30 seconds. This includes log collection, ML analysis, threat intelligence lookup, and automated blocking.

Do I need security expertise?
No! SSH Guardian is designed for SMEs without dedicated security teams. The intuitive dashboard, automated responses, and sensible defaults make it accessible to anyone with basic Linux knowledge.

Technology

Built With Modern Stack

Reliable, proven technologies chosen for performance and maintainability.

Python 3.12: Backend
Flask: Web Framework
MySQL 8.0: Database
Redis: Cache Layer
Random Forest: ML Model
Scikit-learn: ML Library