Protocol-independent Detection of Dictionary Attacks
| Název česky | Detekce slovníkových útoků nezávisla na aplikačním protokolu |
|---|---|
| Autoři | |
| Rok publikování | 2013 |
| Druh | Článek ve sborníku |
| Konference | Advances in Communication Networking |
| Fakulta / Pracoviště MU | |
| Citace | |
| Doi | http://dx.doi.org/10.1007/978-3-642-40552-5_30 |
| Obor | Informatika |
| Klíčová slova | traffic classes; anomaly detection; network behavior analysis |
| Přiložené soubory | |
| Popis | Data throughput of current high-speed networks makes it prohibitively expensive to detect attacks using conventional means of deep packet inspection. The network behavior analysis seemed to be a solution, but it lacks in several aspects. The academic research focuses on sophisticated and advanced detection schemes that are, however, often problematic to deploy into the production. In this paper we try different approach and take inspiration from industry practice of using relatively simple but effective solutions. We introduce a model of malicious traffic based on practical experience that can be used to create simple and effective detection methods. This model was used to develop a successful proof-of-concept method for protocol-independent detection of dictionary attacks that is validated with empirical data in this paper. |
| Související projekty: |