A distributed active response architecture for preventing SSH dictionary attacks

Thames, J. Lane; Abler, Randal; Keeling, David

doi:10.1109/secon.2008.4494264

Cited by 17 publications

(17 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, it is well known that automated password attacks on SSH servers are currently on-going [21,25,26]. For reasons possibly related to marketing and public relations, the extent and success of similar password attacks on businesses, banks, and so on, are harder to find public information about, being less commonly reported if at all.…”

Section: Background and Related Workmentioning

confidence: 99%

Improving text passwords through persuasion

Forget

Chiasson

Oorschot

et al. 2008

Proceedings of the 4th Symposium on Usable Privacy and Security

110

View full text Add to dashboard Cite

Password restriction policies and advice on creating secure passwords have limited effects on password strength. Influencing users to create more secure passwords remains an open problem. We have developed Persuasive Text Passwords (PTP), a text password creation system which leverages Persuasive Technology principles to influence users in creating more secure passwords without sacrificing usability. After users choose a password during creation, PTP improves its security by placing randomly-chosen characters at random positions into the password. Users may shuffle to be presented with randomly-chosen and positioned characters until they find a combination they feel is memorable. In this paper, we present an 83-participant user study testing four PTP variations. Our results show that the PTP variations significantly improved the security of users' passwords. We also found that those participants who had a high number of random characters placed into their passwords would deliberately choose weaker pre-improvement passwords to compensate for the memory load. As a consequence of this compensatory behaviour, there was a limit to the gain in password security achieved by PTP.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Improving text passwords through persuasion

Forget

Chiasson

Oorschot

et al. 2008

Proceedings of the 4th Symposium on Usable Privacy and Security

110

View full text Add to dashboard Cite

show abstract

“…Further connections from a client were denied by dynamically adding a rule, if the number of unsuccessful login attempts exceeded a pre-defined threshold. Thames et al [26] outlined a new architecture for preventing SSH dictionary attacks. In this architecture, trustworthy servers gathered, analyzed, and distributed information about malicious clients through collaboration.…”

Section: Related Work and Limitationsmentioning

confidence: 99%

A New Approach to Identify User Authentication Methods toward SSH Dictionary Attack Detection

Satoh

Nakamura

Ikenaga

2015

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYA dictionary attack against SSH is a common security threat. Many methods rely on network traffic to detect SSH dictionary attacks because the connections of remote login, file transfer, and TCP/IP forwarding are visibly distinct from those of attacks. However, these methods incorrectly judge the connections of automated operation tasks as those of attacks due to their mutual similarities. In this paper, we propose a new approach to identify user authentication methods on SSH connections and to remove connections that employ non-keystroke based authentication. This approach is based on two perspectives: (1) an SSH dictionary attack targets a host that provides keystroke based authentication; and (2) automated tasks through SSH need to support non-keystroke based authentication. Keystroke based authentication relies on a character string that is input by a human; in contrast, non-keystroke based authentication relies on information other than a character string. We evaluated the effectiveness of our approach through experiments on real network traffic at the edges in four campus networks, and the experimental results showed that our approach provides high identification accuracy with only a few errors. key words: SSH dictionary attack, user authentication method, flow analysis, network operation

show abstract

“…It is complicated to detect such attacks, especially low-profile ones, because an isolated attack attempt differs from a legitimate one only by intention and not any measurable properties. That is why they are so prevalent [3], [7], [9]. However, they do not receive enough academic attention as most research is focused on DoS attacks, botnet activity and other disturbant behavior [8].…”

Section: Dictionary Attacksmentioning

confidence: 99%

Protocol-Independent Detection of Dictionary Attacks

Drašar¹

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Data throughput of current high-speed networks makes it prohibitively expensive to detect attacks using conventional means of deep packet inspection. The network behavior analysis seemed to be a solution, but it lacks in several aspects. The academic research focuses on sophisticated and advanced detection schemes that are, however, often problematic to deploy into the production. In this paper we try different approach and take inspiration from industry practice of using relatively simple but effective solutions. We introduce a model of malicious traffic based on practical experience that can be used to create simple and effective detection methods. This model was used to develop a successful proof-of-concept method for protocol-independent detection of dictionary attacks that is validated with empirical data in this paper.

show abstract

A distributed active response architecture for preventing SSH dictionary attacks

Cited by 17 publications

References 2 publications

Improving text passwords through persuasion

Improving text passwords through persuasion

A New Approach to Identify User Authentication Methods toward SSH Dictionary Attack Detection

Protocol-Independent Detection of Dictionary Attacks

Contact Info

Product

Resources

About