A Flow-Level Taxonomy and Prevalence of Brute Force Attacks

Publication details

Authors	VYKOPAL Jan
Year of publication	2011
Type	Article in Proceedings
Conference	Advances in Computing and Communications
MU Faculty or unit	Institute of Computer Science
Citation
Web	http://dx.doi.org/10.1007/978-3-642-22714-1_69
Doi	http://dx.doi.org/10.1007/978-3-642-22714-1_69
Field	Informatics
Keywords	netflow; taxonomy; prevalence; brute force attack; SSH
Description	Online brute force and dictionary attacks against network services and web applications are ubiquitous. We present their taxonomy from the perspective of network flows. This contributes to clear evaluation of detection methods and provides better understanding of the brute force attacks within the research community. Next, we utilize the formal definitions of attacks in a long-term analysis of SSH traffic from 10 gigabit university network. The results shows that flow-based intrusion detection may profit from traffic observation of the whole network, particularly it can allow more accurate detection of the majority of brute-force attacks in high-speed networks.
Related projects:	CYBER - Security of Czech Army Information and Communication Systems - On-line Monitoring, Visualization and Packet Filtration. Computer Incident Response Capability Development in the Cyber Defence Environment

10 reasons why you will fall in love with MU