Network-based Dictionary Attack Detection

• Authors: VYKOPAL Jan; PLESNÍK Tomáš; MINAŘÍK Pavel
• Year of publication: 2009
• Type: Article in Proceedings
• Conference: Proceedings of International Conference on Future Networks (ICFN 2009)
• MU Faculty or unit: Institute of Computer Science
• Field: Informatics
• Keywords: NetFlow; dictionary attack; decision tree; SSH
• Description: This paper describes the novel network-based approach to a dictionary attack detection with the ability to recognize successful attack. We analyzed SSH break-in attempts at a flow level and determined a dictionary attack pattern. This pattern was verified and compared to common SSH traffic to prevent false positives. The SSH dictionary attack pattern was implemented using decision tree technique. The evaluation was performed in a large high-speed university network with promising results.

Related projects

• CYBER - Security of Czech Army Information and Communication Systems - On-line Monitoring, Visualization and Packet Filtration. Computer Incident Response Capability Development in the Cyber Defence Environment