Sharing SSH Threat Intelligence across Multiple Servers using WebSocket and Fail2Ban

  • Aristo Tely, State Polytechnic of Sriwijaya
  • Aryanti Aryanti, State Polytechnic of Sriwijaya
  • Sopian Soim, State Polytechnic of Sriwijaya
Keywords: Fail2Ban, WebSocket, SSH Security, Intrusion Prevention System, Threat Intelligence Sharing

Abstract

This study presents a lightweight prototype designed to improve SSH brute-force defense by enabling collaborative IP blocking across multiple servers. The system integrates Fail2Ban with WebSocket to distribute banned IP addresses in real time among trusted nodes, eliminating the need for centralized infrastructure. The experiment was conducted on 3 virtual private servers (VPS), where one acted as the WebSocket server and the others as clients equipped with Fail2Ban. When an SSH brute-force attack is detected, the source IP is automatically shared across the network and blocked on all connected nodes. A qualitative observational approach was used to evaluate the system’s feasibility. Log data from the clients and server were analyzed to confirm the accuracy and consistency of IP synchronization. The results showed that banned IPs were propagated and enforced on all nodes within seconds of detection. These findings demonstrate the potential for decentralized, lightweight collaboration among SSH servers to enhance security without introducing complex infrastructure or external dependencies.

Published
2025-07-31
How to Cite
Tely, A., Aryanti, A., & Soim, S. (2025). Sharing SSH Threat Intelligence across Multiple Servers using WebSocket and Fail2Ban. ITEJ (Information Technology Engineering Journals), 10(2), 221 - 229. https://doi.org/10.24235/itej.v10i2.270