Analysis of Credential Stealing Attacks in an Open Networked Environment

This paper analyses the forensic data on credential stealing incidents over a period of 5 years across 5000 machines monitored at the National Center for Supercomputing Applications at the University of Illinois. The analysis is the first attempt in an open operational environment (i) to evaluate the intricacies of carrying out SSH-based credential stealing attacks, (ii) to highlight and quantify key characteristics of such attacks, and (iii) to provide a system-level characterization of such incidents in terms of the distribution of alerts and incident consequences.
