Machine Learning for Detecting Brute Force Attacks at the Network Level

Najafabadi, Maryam M.; Khoshgoftaar, Taghi M.; Kemp, Clifford; Seliya, Naeem; Zuech, Richard

doi:10.1109/bibe.2014.73

Cited by 54 publications

(27 citation statements)

References 6 publications

(7 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition to that, additional attacks were run manually. The IDS SNORT 16 and manual inspection were used for labeling. Since the data set is not publicly available due to privacy concerns, we are not able to fill all properties in Table III. ISCX 2012 [28].…”

Section: Data Setmentioning

confidence: 99%

“…IT security is an important issue and much effort has been spent in the research of intrusion and insider threat detection. Many contributions have been published for processing security-related data [1]- [4], detecting botnets [5]- [8], port scans [9]- [12], brute force attacks [13]- [16] and so on. All these works have in common that they require representative network-based data sets.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A survey of network-based intrusion detection data sets

Ring

Wunderlich

Scheuring

et al. 2019

Computers & Security

535

235

View full text Add to dashboard Cite

Labeled data sets are necessary to train and evaluate anomaly-based network intrusion detection systems. This work provides a focused literature survey of data sets for networkbased intrusion detection and describes the underlying packetand flow-based network data in detail. The paper identifies 15 different properties to assess the suitability of individual data sets for specific evaluation scenarios. These properties cover a wide range of criteria and are grouped into five categories such as data volume or recording environment for offering a structured search. Based on these properties, a comprehensive overview of existing data sets is given. This overview also highlights the peculiarities of each data set. Furthermore, this work briefly touches upon other sources for network-based data such as traffic generators and data repositories. Finally, we discuss our observations and provide some recommendations for the use and the creation of network-based data sets.

show abstract

Section: Data Setmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A survey of network-based intrusion detection data sets

Ring

Wunderlich

Scheuring

et al. 2019

Computers & Security

535

235

View full text Add to dashboard Cite

show abstract

“…• Brute Force [26], [27]: A brute force attack is one of the most common attack types that threaten computer networks and break encryption. In this kind of attack, the attacker attempts to get user credentials by utilizing a repetitive method to guess username and password using automated software to get the valid account information of victims.…”

Section: B Types Of Network Attacksmentioning

confidence: 99%

Performance Analysis of Network Intrusion Detection System using Machine Learning

Alsaeedi¹,

Zubair²

2019

IJACSA

View full text Add to dashboard Cite

With the coming of the Internet and the increasing number of Internet users in recent years, the number of attacks has also increased. Protecting computers and networks is a hard task. An intrusion detection system is used to detect attacks and to protect computers and network systems from these attacks. This paper aimed to compare the performance of Random Forests, Decision Tree, Gaussian Naïve Bayes, and Support Vector Machines in detecting network attacks. An up-to-date dataset was chosen to compare the performance of these classifiers. The results of the conducted experiments demonstrate that both Random Forests and Decision Tree performed effectively in detecting attacks.

show abstract

“…Najafabadi et al investigated several kinds of machine learnings for detecting brute force attacks with real data sets in Ref. [6]. Furthermore, not limited to brute force attacks, intrusion detection with anomaly detection and machine learning has been described in Refs.…”

Section: Detecting Brute Force Attacksmentioning

confidence: 99%

TOPASE: Detection and Prevention of Brute Force Attacks with Disciplined IPs from IDS Logs

Saito

Maruhashi

Takenaka

et al. 2016

Journal of Information Processing

View full text Add to dashboard Cite

Brute force attacks are used to obtain pairs of user names and passwords illegally by using all existing pairs to login to network services. These are a major security threat faced by network service administrators. In general, to prevent brute force attacks, administrators can set limitations on the number of login trials and shut down the traffic of brute force attacks with an intrusion prevention system (IPS) at the entry point to their services. In recent years, stealthy brute force attacks that can avoid the security rules and IPS and intrusion detection system (IDS) detection have appeared. Attackers tend to arrange a large amount of hosts and allocate them fewer login trials than the limitations administrators set. In this paper, we report a kind of distributed brute force attack event (brute force attacks with disciplined IPs, or DBF) against the Remote Desktop Protocol (RDP) by analyzing IDS logs integrated from multiple sites. In DBF, a particular number of attacks is repeated automatically from a host to a service over a period. For this reason, existing countermeasures have no effect on DBF. We investigate the structure of DBF and improve the existing countermeasure system. We also present TOPASE, which is replaced at each step of the existing countermeasure system and is suitable for DBF countermeasures. TOPASE analyzes the regularity of login trials between a source host and a destination host. Furthermore, TOPASE intercepts the network traffic from the source host of the brute force attack for a specific period. As a result of the evaluation with our IDS log, we estimate the performance of TOPASE and clarify the factors that maximize TOPASE's effectiveness.

show abstract

Machine Learning for Detecting Brute Force Attacks at the Network Level

Cited by 54 publications

References 6 publications

A survey of network-based intrusion detection data sets

A survey of network-based intrusion detection data sets

Performance Analysis of Network Intrusion Detection System using Machine Learning

TOPASE: Detection and Prevention of Brute Force Attacks with Disciplined IPs from IDS Logs

Contact Info

Product

Resources

About