DocumentCode :
2752783
Title :
Network-Based Dictionary Attack Detection
Author :
Vykopal, Jan ; Plesnik, Tomas ; Minarik, Pavel
Author_Institution :
Inst. of Comput. Sci., Brno, Czech Republic
fYear :
2009
fDate :
7-9 March 2009
Firstpage :
23
Lastpage :
27
Abstract :
This paper describes a novel network-based approach to dictionary attack detection with the ability to recognize a successful attack. We analyzed SSH break-in attempts at the flow level and determined a dictionary attack pattern. This pattern was verified and compared to common SSH traffic to prevent false positives. The SSH dictionary attack pattern was implemented using a decision tree technique. The evaluation was performed in a large high-speed university network with promising results.
Keywords :
authorisation; computer crime; decision trees; educational technology; message authentication; SSH break-in attempts; SSH dictionary attack pattern; SSH traffic; attack recognition; decision tree; flow level; high-speed university network; host via secure shell; network-based dictionary attack detection; Authentication; Computer networks; Data encapsulation; Decision trees; Dictionaries; ISO standards; Intrusion detection; Pattern analysis; Performance evaluation; Telecommunication traffic; NetFlow; SSH; detection; dictionary attack;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Future Networks, 2009 International Conference on
Conference_Location :
Bangkok
Print_ISBN :
978-0-7695-3567-8
Type :
conf
DOI :
10.1109/ICFN.2009.36
Filename :
5189892