AICT 2012, The Eighth Advanced International Conference on Telecommunications


Fast Network-Based Brute-Force Detection

Authors:
Robert Koch
Gabi Dreo Rodosek

Keywords: brute force; intrusion detection; network-based; similarity; inherent knowledge

Abstract:
Different traditional business divisions, like distance selling or money transfers, were enhanced by or even switched to the Internet; others emerged directly from it, and a billion-dollar business evolved over the past years. Therefore, the high fiscal values are alluring to criminals. Attacks with the aid of the Internet can be executed from a safe distance, and different (or even missing) IT laws in different countries are hampering the transboundary criminal execution. For example, brute-force attacks to gain access to systems and servers are still a popular and successful attack type. After gaining access, sensitive data can be copied, spyware can be installed, etc. Current protection mechanisms require extensive administration or can reduce network performance. Therefore, we propose a new architecture for network-based brute-force detection in encrypted environments. The system evaluates the similarity of the network packet payload sizes of different connections. No information about the encryption in use or the functionality of the authorization process is required. Based on the high similarity of rejected connections, an identification of brute-force attacks is realized.

Pages: 184 to 190

Copyright: Copyright (c) IARIA, 2012

Publication date: May 27, 2012

Published in: conference

ISSN: 2308-4030

ISBN: 978-1-61208-199-1

Location: Stuttgart, Germany

Dates: from May 27, 2012 to June 1, 2012