DRAŠAR, Martin and Jan VYKOPAL. Bruteforcing in the Shadows - Evading Automated Detection. 2012.
Basic information
Original name Bruteforcing in the Shadows - Evading Automated Detection
Name in Czech Skrytý bruteforcing - obcházení automatické deteckce útoků
Authors DRAŠAR, Martin (203 Czech Republic, guarantor, belonging to the institution) and Jan VYKOPAL (203 Czech Republic, belonging to the institution).
Edition 2012.
Other information
Original language English
Type of outcome Audiovisual works
Field of Study Informatics
Country of publisher Czech Republic
Confidentiality degree is not subject to a state or trade secret
RIV identification code RIV/00216224:14610/12:00058679
Organization Ústav výpočetní techniky – Repository – Repository
Keywords in English NetFlow;bruteforce attacks;flow stretching;evading detection;automatic detection;
Links OVMASUN200801, research and development project.
Changed by: RNDr. Daniel Jakubík, učo 139797. Changed: 1/9/2020 11:59.
Abstract
Networks of today face a multitude of attacks of various complexities, but research of suitable defences is often done on limited or unsuitable datasets or insufficient testbeds. Therefore, many proposed detection mechanisms are usable only for relatively small subsets of attacks that significantly disturb traffic patterns, such as flooding attacks or massive port scans. At Masaryk University, which has about 15,000 networked computers, we employ a wide range of detection tools based on NetFlow, such as port scan, botnet, and brute-force attack detectors. Their initial versions proved to be useful for detecting attacks that generate significant behavioral changes in traffic patterns. However, we have found that there are several techniques to lessen the behavioral impact and in effect to hide an attack from the detection mechanisms. In our presentation we will discuss three such techniques. The first one restricts the number of attempts in a given time window under the detection threshold. The second and the third ones mimic legitimate traffic either by inserting irregular delays between individual attack attempts or by exploiting features of protocols to create the illusion of legitimate traffic. These methods are inexpensive to implement, but they can be very effective for evading detection. Therefore we would like to raise awareness about them and their importance for designing new detection methods.
Type Name Uploaded/Created by Uploaded/Created Rights
bruteforcing.pdf Licence Creative Commons  File version 1/9/2020

Properties

Name
bruteforcing.pdf
Address within IS
https://repozitar.cz/auth/repo/15864/893859/
Address for the users outside IS
https://repozitar.cz/repo/15864/893859/
Address within Manager
https://repozitar.cz/auth/repo/15864/893859/?info
Address within Manager for the users outside IS
https://repozitar.cz/repo/15864/893859/?info
Uploaded/Created
Tue 1/9/2020 11:59

Rights

Right to read
  • anyone on the Internet
Right to upload
 
Right to administer:
  • a concrete person Mgr. Lucie Vařechová, uco 106253
  • a concrete person RNDr. Daniel Jakubík, uco 139797
  • a concrete person Mgr. Jolana Surýnková, uco 220973