Network-Based Dictionary Attack Detection
- 1 March 2009
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
This paper describes a novel network-based approach to dictionary attack detection with the ability to recognize a successful attack. We analyzed SSH break-in attempts at a flow level and determined a dictionary attack pattern. This pattern was verified and compared to common SSH traffic to prevent false positives. The SSH dictionary attack pattern was implemented using a decision tree technique. The evaluation was performed in a large high-speed university network with promising results.
This publication has 5 references indexed in Scilit:
- A distributed active response architecture for preventing SSH dictionary attacks. Published by Institute of Electrical and Electronics Engineers (IEEE), 2008
- Agent-Based Network Intrusion Detection System. Published by Institute of Electrical and Electronics Engineers (IEEE), 2007
- Lessons learned from the deployment of a high-interaction honeypot. Published by Institute of Electrical and Electronics Engineers (IEEE), 2006
- Password memorability and security: empirical results. IEEE Security & Privacy, 2004
- Securing passwords against dictionary attacks. Published by Association for Computing Machinery (ACM), 2002