Abstract
Online brute force and dictionary attacks against network services and web applications are ubiquitous. We present a taxonomy of these attacks from the perspective of network flows. This contributes to a clear evaluation of detection methods and to a better understanding of brute force attacks within the research community. Next, we use the formal definitions of the attacks in a long-term analysis of SSH traffic from a 10 gigabit university network. The results show that flow-based intrusion detection can profit from observing the traffic of the whole network; in particular, it allows more accurate detection of the majority of brute force attacks in high-speed networks.
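The abstract's claim that whole-network flow observation detects brute force attacks that a single host would miss can be illustrated with a small flow-based detector. The following Python is an added example, not code from the paper: the flow records are constructed for this illustration, and the packet/byte bounds used to recognise a single SSH password attempt, the alert threshold, and the addresses are all assumptions rather than values the paper reports.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """Unidirectional flow record (NetFlow/IPFIX-like), client -> server."""
    src: str
    dst: str
    dport: int
    packets: int
    bytes: int


# Heuristic bounds, assumed for this example only: a single failed SSH
# password attempt shows up as a short TCP connection with few packets and
# little payload, whereas an interactive session is long and heavy.
MIN_PKTS, MAX_PKTS = 8, 30
MIN_BYTES, MAX_BYTES = 1000, 5000
ATTEMPT_THRESHOLD = 10      # attempts per source before an alert is raised


def is_attempt_like(flow: Flow) -> bool:
    """Does this flow look like one SSH password attempt?"""
    return (flow.dport == 22
            and MIN_PKTS <= flow.packets <= MAX_PKTS
            and MIN_BYTES <= flow.bytes <= MAX_BYTES)


def detect_per_host(flows):
    """Host-local view: each server only sees flows addressed to itself.
    Returns the (src, dst) pairs whose attempt count reaches the threshold."""
    counts = defaultdict(int)
    for f in flows:
        if is_attempt_like(f):
            counts[(f.src, f.dst)] += 1
    return {pair for pair, n in counts.items() if n >= ATTEMPT_THRESHOLD}


def detect_network_wide(flows):
    """Whole-network view: aggregate attempt-like flows per source across
    every server in the observed network. Returns
    {src: (attempt_count, distinct_targets)} for sources over the threshold."""
    counts = defaultdict(int)
    targets = defaultdict(set)
    for f in flows:
        if is_attempt_like(f):
            counts[f.src] += 1
            targets[f.src].add(f.dst)
    return {src: (n, len(targets[src]))
            for src, n in counts.items() if n >= ATTEMPT_THRESHOLD}


def build_sample_flows():
    """Constructed sample: one attacker spreading a dictionary attack thinly
    over 12 servers (3 attempts each), plus two benign SSH flows."""
    flows = []
    for i in range(12):
        for _ in range(3):
            flows.append(Flow("198.51.100.7", f"192.0.2.{10 + i}", 22, 14, 2300))
    flows.append(Flow("192.0.2.50", "192.0.2.10", 22, 850, 120_000))  # long session
    flows.append(Flow("192.0.2.51", "192.0.2.11", 22, 15, 2400))      # one mistyped password
    return flows


if __name__ == "__main__":
    sample = build_sample_flows()
    print("per-host alerts:    ", detect_per_host(sample))
    print("network-wide alerts:", detect_network_wide(sample))
```

With three attempts per server, every host-local counter stays below the threshold and the per-host detector reports nothing, while aggregating the same flows per source across the whole network attributes 36 attempt-like flows against 12 distinct targets to one address. The single mistyped password from 192.0.2.51 remains below the threshold in both views, which is the kind of false-positive check worth keeping when tuning such bounds on real exports.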
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Vykopal, J. (2011). A Flow-Level Taxonomy and Prevalence of Brute Force Attacks. In: Abraham, A., Lloret Mauri, J., Buford, J.F., Suzuki, J., Thampi, S.M. (eds) Advances in Computing and Communications. ACC 2011. Communications in Computer and Information Science, vol 191. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22714-1_69
DOI: https://doi.org/10.1007/978-3-642-22714-1_69
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22713-4
Online ISBN: 978-3-642-22714-1
eBook Packages: Computer Science (R0)