DRAŠAR, Martin and Jan VYKOPAL. Bruteforcing in the Shadows - Evading Automated Detection. 2012.
Basic information
Original name Bruteforcing in the Shadows - Evading Automated Detection
Name in Czech Skrytý bruteforcing - obcházení automatické deteckce útoků
Authors DRAŠAR, Martin (203 Czech Republic, guarantor, belonging to the institution) and Jan VYKOPAL (203 Czech Republic, belonging to the institution).
Edition 2012.
Other information
Original language English
Type of outcome Audiovisual works
Field of Study 10201 Computer sciences, information science, bioinformatics
Country of publisher Czech Republic
Confidentiality degree is not subject to a state or trade secret
WWW Presentation slides; Conference web page
RIV identification code RIV/00216224:14610/12:00058679
Organization unit Institute of Computer Science
Keywords in English NetFlow;bruteforce attacks;flow stretching;evading detection;automatic detection;
Tags rivok
Tags International impact, Reviewed
Changed by: Mgr. Marta Novotná Buršíková, učo 15689. Changed: 7. 3. 2013 10:15.
Abstract
Networks of today face a multitude of attacks of various complexities, but research into suitable defences is often done on limited or unsuitable datasets or insufficient testbeds. Therefore, many proposed detection mechanisms are usable only for relatively small subsets of attacks that significantly disturb traffic patterns, such as flooding attacks or massive port scans. At Masaryk University, which has about 15,000 networked computers, we employ a wide range of detection tools based on NetFlow, such as port scan, botnet, and brute-force attack detectors. Their initial versions proved to be useful for detecting attacks that generate significant behavioral changes in traffic patterns. However, we have found that there are several techniques to lessen the behavioral impact and in effect to hide an attack from the detection mechanisms. In our presentation we will discuss three such techniques. The first one restricts the number of attempts in a given time window to stay under the detection threshold. The second and the third ones mimic legitimate traffic either by inserting irregular delays between individual attack attempts or by exploiting features of protocols to create the illusion of legitimate traffic. These methods are inexpensive to implement, but they can be very effective for evading detection. Therefore, we would like to raise awareness about them and their importance for designing new detection methods.
Links
OVMASUN200801, research and development project
Name: CYBER - Security of Czech Army Information and Communication Systems - On-line Monitoring, Visualization and Packet Filtration. Computer Incident Response Capability Development in the Cyber Defence Environment (Acronym: CYBER)
Investor: Ministry of Defence of the CR
Name: bruteforcing.pdf (Licence Creative Commons); Uploaded/Created by: Drašar, M.; Uploaded/Created: 31. 5. 2012

Address for the users outside IS
https://is.muni.cz/publication/970621/bruteforcing.pdf
Uploaded/Created
Thu 31. 5. 2012 11:07, RNDr. Martin Drašar, Ph.D.

File type
PDF (application/pdf)
Size
1,2 MB
Hash md5
505d4247a20c7ad35f6ffa71fa3e1cd3