论文信息 - Protocol-Independent Detection of Dictionary Attacks

Protocol-Independent Detection of Dictionary Attacks

Data throughput of current high-speed networks makes it prohibitively expensive to detect attacks using conventional means of deep packet inspection. The network behavior analysis seemed to be a solution, but it lacks in several aspects. The academic research focuses on sophisticated and advanced detection schemes that are, however, often problematic to deploy into the production. In this paper we try different approach and take inspiration from industry practice of using relatively simple but effective solutions. We introduce a model of malicious traffic based on practical experience that can be used to create simple and effective detection methods. This model was used to develop a successful proof-of-concept method for protocol-independent detection of dictionary attacks that is validated with empirical data in this paper.

Martin Drasar

[1] Aiko Pras,et al. An Overview of IP Flow-Based Intrusion Detection , 2010, IEEE Communications Surveys & Tutorials.

[2] J.L. Thames,et al. A distributed active response architecture for preventing SSH dictionary attacks , 2008, IEEE SoutheastCon 2008.

[3] Jan Vykopal,et al. A Flow-Level Taxonomy and Prevalence of Brute Force Attacks , 2011, ACC.

[4] Martin Husák,et al. Flow-based Monitoring of Honeypots , 2013 .

[5] Jan Vykopal,et al. Flow-based detection of RDP brute-force attacks , 2013 .

[6] Fabio A. González,et al. CIDS: An agent-based intrusion detection system , 2005, Comput. Secur..

[7] Alfred Menezes,et al. Handbook of Applied Cryptography , 2018 .

[8] Martin Waldburger,et al. Dependable Networks and Services , 2012, Lecture Notes in Computer Science.

[9] Aiko Pras,et al. SSHCure: A Flow-Based SSH Intrusion Detection System , 2012, AIMS.

[10] Alfred Menezes,et al. Identification and Entity Authentication , 1996, Handbook of Applied Cryptography.