• DocumentCode
    2963889
  • Title

    TOPASE: Detection of brute force attacks used disciplined IPs from IDS log

  • Author

    Honda, Satomi ; Unno, Yuki ; Maruhashi, Koji ; Takenaka, Masahiko ; Torii, Satoru

  • Author_Institution
    FUJITSU Labs. Ltd., Kanagawa, Japan
  • fYear
    2015
  • fDate
    11-15 May 2015
  • Firstpage
    1361
  • Lastpage
    1364
  • Abstract
    In recent years, there exist stealthy brute force attacks that can avoid the security rules and detection by IPS (Intrusion Prevention System) and IDS (Intrusion Detection System). Attackers tend to arrange innumerable hosts and allocate them fewer login trials than the limitations the administrators have set. In this paper, we report a brute force attack event (Brute force attacks with disciplined IPs, DBF) by analyzing logs with site-federated viewpoint analysis. The analyses can lead us to the structure of DBF and the existence of attackers behind the DBF. We also present TOPASE, which detects victim hosts of DBF. Combining TOPASE and shutting down based on the regularity of DBF can mitigate the DBFs to those victims.
  • Keywords
    computer crime; computer network security; DBF structure; IDS log; IPS algorithm; TOPASE; brute force attack event; brute force attacks detection; disciplined IPs; innumerable hosts; intrusion detection system; intrusion prevention system; login trials; security detection; security rules; site-federated viewpoint analysis; victim hosts detection; Conferences; Correlation; Force; Grippers; Intrusion detection; Standards;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Integrated Network Management (IM), 2015 IFIP/IEEE International Symposium on
  • Conference_Location
    Ottawa, ON
  • Type

    conf

  • DOI
    10.1109/INM.2015.7140496
  • Filename
    7140496