TOPASE: Detection of brute force attacks used disciplined IPs from IDS log

Bibliographic Details
Published in: 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM) pp. 1361 - 1364
Main Authors: Honda, Satomi; Unno, Yuki; Maruhashi, Koji; Takenaka, Masahiko; Torii, Satoru
Format: Conference Proceeding
Language: English
Published: IEEE 01-05-2015
Description
Summary: In recent years, there exist stealthy brute force attacks that can avoid the security rules and detection by IPS (Intrusion Prevention System) and IDS (Intrusion Detection System). Attackers tend to arrange innumerable hosts and allocate them fewer login trials than the limitations the administrators have set. In this paper, we report a brute force attack event (Brute force attacks with disciplined IPs, DBF) by analyzing log with site-federated viewpoint analysis. The analyses can lead us to the structure of DBF and the existence of attackers behind the DBF. We also present TOPASE, which detects victim hosts of DBF. Combining TOPASE and shutting down based on the regularity of DBF can mitigate the DBFs to those victims.
ISSN: 1573-0077
DOI: 10.1109/INM.2015.7140496