Abstract
Security is one of the main challenges today, complicated significantly by the heterogeneous and open academic networks with thousands of different applications. Botnet-based brute-force password scans are a common security threat against the open academic networks. Common defenses are hard to maintain, error-prone and do not reliably discriminate between user error and coordinated attack. In this paper, we present a novel approach, which allows to secure many network services at once. By combining in-app tracking, local and global crowdsourcing, geographic information, and probabilistic user-bot distinction through differential password analysis, our PAM-based detection module can provide higher accuracy and faster blocking of botnets. In the future, we aim to make the mechanism even more generic and thus provide a distributed defense against one of the strongest threats against our infrastructure.
BibTeX
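% SIEGE (Waldvogel and Kollek, 2014): a PAM-based detection module against
% botnet-driven brute-force password scans, per the abstract below.
%
% Cleaned from a collapsed one-line export:
%   - author/editor names are in unambiguous "Last, First" form throughout
%     (the export mixed "First Last" with "Dreo Rodosek, Gabi");
%   - the acronym and the mixed-case "Enterprise-GradE" are brace-protected so
%     sentence-casing styles do not flatten them;
%   - url holds exactly one URL (the paper); the slides link from the export is
%     kept in the ignored annotation field slidesurl;
%   - only date is given (it already carries the year), instead of year + date;
%   - the export's urldate of 1000-01-01 was a placeholder, not an access date,
%     and is omitted; set a real urldate when the link is next verified.
@inproceedings{Waldvogel2014SIEGE,
  author     = {Waldvogel, Marcel and Kollek, Jürgen},
  editor     = {Müller, Paul and Neumair, Bernhard and Reiser, Helmut and Dreo Rodosek, Gabi},
  title      = {{SIEGE}: {Service-Independent} {Enterprise-GradE} protection against password scans},
  booktitle  = {7. {DFN-Forum} Kommunikationstechnologien -- Beiträge der Fachtagung},
  series     = {Lecture Notes in Informatics},
  publisher  = {Gesellschaft für Informatik},
  date       = {2014-06-16},
  pubstate   = {published},
  url        = {https://netfuture.ch/wp-content/uploads/2014/08/Waldvogel2014SIEGE.pdf},
  slidesurl  = {https://netfuture.ch/wp-content/uploads/2014/08/Waldvogel2014SIEGE-slides.pdf},
  keywords   = {Federated Services, Identity Management, Intrusion Detection, Passwords, Peer, Security},
  abstract   = {Security is one of the main challenges today, complicated significantly by the heterogeneous and open academic networks with thousands of different applications. Botnet-based brute-force password scans are a common security threat against the open academic networks. Common defenses are hard to maintain, error-prone and do not reliably discriminate between user error and coordinated attack. In this paper, we present a novel approach, which allows to secure many network services at once. By combining in-app tracking, local and global crowdsourcing, geographic information, and probabilistic user-bot distinction through differential password analysis, our PAM-based detection module can provide higher accuracy and faster blocking of botnets. In the future, we aim to make the mechanism even more generic and thus provide a distributed defense against one of the strongest threats against our infrastructure.},
  tppubtype  = {inproceedings},
}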