Network-based Dictionary Attack Detection
VYKOPAL, Jan, Tomáš PLESNÍK and Pavel MINAŘÍK. Network-based Dictionary Attack Detection. In Proceedings of International Conference on Future Networks (ICFN 2009). Los Alamitos, CA, USA: IEEE Computer Society, 2009, p. 23-27. ISBN 978-0-7695-3567-8.
Basic information | |
---|---|
Original name | Network-based Dictionary Attack Detection |
Name in Czech | Síťová detekce slovníkových útoků |
Authors | VYKOPAL, Jan (203 Czech Republic, guarantor, belonging to the institution), Tomáš PLESNÍK (203 Czech Republic, belonging to the institution) and Pavel MINAŘÍK (203 Czech Republic, belonging to the institution). |
Edition | Los Alamitos, CA, USA, Proceedings of International Conference on Future Networks (ICFN 2009), p. 23-27, 5 pp. 2009. |
Publisher | IEEE Computer Society |
Other information | |
---|---|
Original language | English |
Type of outcome | Proceedings paper |
Field of Study | 10201 Computer sciences, information science, bioinformatics |
Country of publisher | Czech Republic |
Confidentiality degree | is not subject to a state or trade secret |
RIV identification code | RIV/00216224:14610/09:00040909 |
Organization unit | Institute of Computer Science |
ISBN | 978-0-7695-3567-8 |
UT WoS | 000277226500005 |
Keywords in English | NetFlow; dictionary attack; decision tree; SSH |
Tags | best3, decision tree, dictionary attack, netflow, rivok, SSH |
Tags | International impact, Reviewed |
Changed by | Changed by: Mgr. Marta Novotná Buršíková, učo 15689. Changed: 28/3/2011 13:21. |
Abstract |
---|
This paper describes a novel network-based approach to dictionary attack detection with the ability to recognize a successful attack. We analyzed SSH break-in attempts at a flow level and determined a dictionary attack pattern. This pattern was verified and compared to common SSH traffic to prevent false positives. The SSH dictionary attack pattern was implemented using a decision tree technique. The evaluation was performed in a large high-speed university network with promising results. |
Abstract (translated from Czech) |
---|
The article describes a new network-based approach to detecting dictionary attacks, including the ability to recognize a successful attack. We analyzed attacks on the SSH service at the level of network flows and derived a dictionary attack pattern from them. This pattern was verified and compared with ordinary SSH traffic in order to rule out false alarms. The SSH dictionary attack pattern was implemented using a decision tree. Testing was carried out in a large high-speed university network, with promising results. |
Links | |
---|---|
OVMASUN200801, research and development project | Name: CYBER - Bezpečnost informačních a komunikačních systémů AČR - on line monitorování, vizualizace a filtrace paketů. Rozvoj schopností Computer Incident Response Capability v prostředí Cyber Defence. (Acronym: CYBER) |
Investor: Ministry of Defence of the CR, CYBER - Security of Czech Army Information and Communication Systems - On-line Monitoring, Visualization and Packet Filtration. Computer Incident Response Capability Development in the Cyber Defence Environment |