SIEGE: Service-Independent Enterprise-GradE protection against password scans

Marcel Waldvogel, Jürgen Kollek: SIEGE: Service-Independent Enterprise-GradE protection against password scans. In: DFN-Mitteilungen, (87), S. 40–46, 2014, ISSN: 0177-6894.

Abstract

Security is one of the main challenges today, complicated significantly by the heterogeneous and open academic networks with thousands of different applications. Botnet-based brute-force password scans are a common security threat against the open academic networks. Common de- fenses are hard to maintain, error-prone and do not reliably discriminate between user error and coordinated attack. In this paper, we present a novel approach, which allows to secure many net- work services at once. By combining in-app tracking, local and global crowdsourcing, geographic information, and probabilistic user-bot distinction through differential password analysis, our PAM-based detection module can provide higher accuracy and faster blocking of botnets. In the future, we aim to make the mechanism even more generic and thus provide a distributed defense for our infrastructure against one of the strongest threats.

BibTeX (Download)

@article{Waldvogel2014SIEGE-DFN,
title = {SIEGE: Service-Independent Enterprise-GradE protection against password scans},
author = {Marcel Waldvogel and Jürgen Kollek},
editor = {Kai Hoelzner},
url = {https://netfuture.ch/wp-content/uploads/2014/12/SIEGE-DFN.pdf
https://www.dfn.de/fileadmin/5Presse/DFNMitteilungen/DFN_Mitteilungen_87.pdf},
issn = {0177-6894},
year  = {2014},
date = {2014-11-30},
journal = {DFN-Mitteilungen},
number = {87},
pages = {40--46},
abstract = {Security is one of the main challenges today, complicated significantly by the heterogeneous and open academic networks with thousands of different applications. Botnet-based brute-force password scans are a common security threat against the open academic networks. Common de- fenses are hard to maintain, error-prone and do not reliably discriminate between user error and coordinated attack. In this paper, we present a novel approach, which allows to secure many net- work services at once. By combining in-app tracking, local and global crowdsourcing, geographic information, and probabilistic user-bot distinction through differential password analysis, our PAM-based detection module can provide higher accuracy and faster blocking of botnets. In the future, we aim to make the mechanism even more generic and thus provide a distributed defense for our infrastructure against one of the strongest threats.},
keywords = {Federated Services, Intrusion Detection, Security},
pubstate = {published},
tppubtype = {article}
}

Schreibe einen Kommentar