基于流量特征的登录账号密码暴力破解攻击检测方法

魏琴芳; 杨子明; 胡向东; 张峰; 郭智慧; 付俊

doi:10.13718/j.cnki.xdzk.2017.07.023

VIZVÁRY M, VYKOPAL J. Flow-Based Detection of RDP Brute-Force Attacks [C]//Proceedings of 7th International Conference on Security and Protection of Information. New York: IEEE Computer Society Press, 2013: 131-137.

THAMES J L, ABLER R, Keeling D. A Distributed Active Response Architecture for Preventing SSH Dictionary Attacks [C]//IEEE Southeast Conference. New York: IEEE Computer Society Press, 2008: 84-89.

VYKOPAL J, PLESNIK T, MINARIK P. Network-Based Dictionary Attack Detection [C] //2009 International Conference on Future Networks. New York: IEEE Computer Society Press, 2009: 23-27.

JAEGER D, USSATH M, CHENG F, et al. Multi-Step Attack Pattern Detection on Normalized Event Logs [C]//2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing. New York: IEEE Computer Society Press, 2015: 390-398.

NAJAFABADI M M, KHOSHGOFTAAR T M, KEMP C, et al. Machine Learning for Detecting Brute Force Attacks at the Network Level [C]// 2014 IEEE International Conference on Bioinformatics and Bioengineering. New York: IEEE Computer Society Press, 2014: 379-385.

HELLEMONS L, HENDRIKS L, HOFSTEDE R, et al. SSH Cure: A Flow-Based SSH Intrusion Detection System [C]//IFIP International Conference on Autonomous Infrastructure, Management and Security. Berlin: Springer, 2012: 86-97.

VYKOPAL J. Flow-Based Brute-Force Attack Detection in Large and High-Speed Networks [D]. Czech: Masaryk University, 2013.

ABDOU A R, BARRERA D, VAN OORSCHOT P C. What Lies Beneath? Analyzing Automated SSH Brute Force Attacks [C]//International Conference on Passwords. Berlin: Springer 2015: 72-91.https://link.springer.com/chapter/10.1007/978-3-319-29938-9_6/fulltext.html

CREECH G, HU J. A Semantic Approach To Host-Based Intrusion Detection Systems Using Contiguous and Discontiguous System Call Patterns [J]. IEEE Transactions on Computers, 2014, 63(4): 807-819. doi: 10.1109/TC.2013.13

KHEIRKHAH E, AMIN S M P, SISTANI H A J, et al. An Experimental Study of SSH Attacks by Using Honeypot Decoys [J]. Indian Journal of Science and Technology, 2013, 6(12): 5567-5578.

ALSALEH M, MANNAN M, VAN OORSCHOT P C. Revisiting Defenses Against Large-Scale Online Password Guessing Attacks [J]. IEEE Transactions on Dependable and Secure Computing, 2012, 9(1): 128-141. doi: 10.1109/TDSC.2011.24

LEE J K, KIM S J, PARK C Y, et al. Heavy-Tailed Distribution of the SSH Brute-Force Attack Duration In a Multi-User Environment [J]. Journal of the Korean Physical Society, 2016, 69(2): 253-258. doi: 10.3938/jkps.69.253

SATOH A, NAKAMURA Y, IKENAGA T. A New Approach to Identify User Authentication Methods Toward SSH Dictionary Attack Detection [J]. IEICE Transactions on Information and Systems, 2015, 98(4): 760-768.

JONKER M, HOFSTEDE R, SPEROTTO A, et al. Unveiling Flat Traffic on the Internet: An SSH Attack Case Study [C] //2015 IFIP/IEEE International Symposium on Integrated Network Management (IM). New York: IEEE Computer Society Press, 2015: 270-278.

SATOH A, NAKAMURA Y, IKENAGA T. A Flow-Based Detection Method for Stealthy Dictionary Attacks Against Secure Shell [J]. Journal of Information Security and Applications, 2015, 21: 31-41. doi: 10.1016/j.jisa.2014.08.003