Detailed Information on Publication Record

DRAŠAR, Martin. Protocol-independent Detection of Dictionary Attacks. In Advances in Communication Networking. Berlin: Springer Berlin Heidelberg, 2013, p. 304-309. ISBN 978-3-642-40551-8.

Other formats: BibTeX LaTeX RIS

Basic information
Original name	Protocol-independent Detection of Dictionary Attacks
Name in Czech	Detekce slovníkových útoků nezávisla na aplikačním protokolu
Authors	DRAŠAR, Martin (203 Czech Republic, guarantor, belonging to the institution).
Edition	Berlin, Advances in Communication Networking, p. 304-309, 6 pp. 2013.
Publisher	Springer Berlin Heidelberg

Other information
Original language	English
Type of outcome	Proceedings paper
Field of Study	Informatics
Country of publisher	Germany
Confidentiality degree	is not subject to a state or trade secret
Publication form	printed version "print"
RIV identification code	RIV/00216224:14610/13:00065726
Organization	Ústav výpočetní techniky – Repository – Repository
ISBN	978-3-642-40551-8
ISSN	0302-9743
Keywords in English	traffic classes; anomaly detection; network behavior analysis
Links	VF20132015031, research and development project.
Changed by	Changed by: RNDr. Daniel Jakubík, učo 139797. Changed: 1/9/2020 16:19.

Abstract
Data throughput of current high-speed networks makes it prohibitively expensive to detect attacks using conventional means of deep packet inspection. The network behavior analysis seemed to be a solution, but it lacks in several aspects. The academic research focuses on sophisticated and advanced detection schemes that are, however, often problematic to deploy into the production. In this paper we try different approach and take inspiration from industry practice of using relatively simple but effective solutions. We introduce a model of malicious traffic based on practical experience that can be used to create simple and effective detection methods. This model was used to develop a successful proof-of-concept method for protocol-independent detection of dictionary attacks that is validated with empirical data in this paper.

Abstract

Data throughput of current high-speed networks makes it prohibitively expensive to detect attacks using conventional means of deep packet inspection. The network behavior analysis seemed to be a solution, but it lacks in several aspects. The academic research focuses on sophisticated and advanced detection schemes that are, however, often problematic to deploy into the production. In this paper we try different approach and take inspiration from industry practice of using relatively simple but effective solutions. We introduce a model of malicious traffic based on practical experience that can be used to create simple and effective detection methods. This model was used to develop a successful proof-of-concept method for protocol-independent detection of dictionary attacks that is validated with empirical data in this paper.