Protecting financial institutions from brute-force attacks

被引:0
|
作者
Herley, Cormac [1 ]
Florencio, Dinei [1 ]
机构
[1] Microsoft Res, Redmond, WA USA
来源
PROCEEDINGS OF THE IFIP TC 11/ 23RD INTERNATIONAL INFORMATION SECURITY CONFERENCE | 2008年
关键词
D O I
暂无
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
We examine the problem, of protecting online banking accounts from password brute-forcing attacks. Our method is to create a large number of honeypot userID-password, pairs. Presentation of any of these honeypot credentials causes the attacker to be logged into a honeypot account with fictitious attributes. For the attacker to tell the difference between a honeypot and a real account lie must attempt to transfer money out. We show that is simple to ensure that a brute-force attacker will encounter hundreds or even. thousands of honeypot accounts for every real break-in. His activity in the honeypots provides the data by which the bank learns the attackers attempts to tell real from honeypot accounts, and his cash. out strategy.
引用
收藏
页码:681 / 685
页数:5
相关论文
共 50 条
  • [1] GenoGuard: Protecting Genomic Data against Brute-Force Attacks
    Huang, Zhicong
    Ayday, Erman
    Fellay, Jacques
    Hubaux, Jean-Pierre
    Juels, Ari
    2015 IEEE SYMPOSIUM ON SECURITY AND PRIVACY SP 2015, 2015, : 447 - 462
  • [2] Detecting Brute-Force Attacks on Cryptocurrency Wallets
    Kiktenko, E. O.
    Kudinov, M. A.
    Fedorov, A. K.
    BUSINESS INFORMATION SYSTEMS WORKSHOPS, BIS 2019, 2019, 373 : 232 - 242
  • [3] Privacy Against Brute-Force Inference Attacks
    Osia, Seyed Ali
    Rassouli, Borzoo
    Haddadi, Hamed
    Rabiee, Hamid R.
    Gunduz, Deniz
    2019 IEEE INTERNATIONAL SYMPOSIUM ON INFORMATION THEORY (ISIT), 2019, : 637 - 641
  • [4] Hidden Markov Model Modeling of SSH Brute-Force Attacks
    Sperotto, Anna
    Sadre, Ramin
    de Boer, Pieter-Tjerk
    Pras, Aiko
    INTEGRATED MANAGEMENT OF SYSTEMS, SERVICES, PROCESSES AND PEOPLE IN IT, PROCEEDINGS, 2009, 5841 : 164 - 176
  • [5] Research on techniques for detecting brute-force attacks on corporate email
    Liu, Xiaomei
    Hu, Xuewei
    JOURNAL OF COMPUTATIONAL METHODS IN SCIENCES AND ENGINEERING, 2024, 24 (03) : 1379 - 1393
  • [6] IoT Lotto: Utilizing IoT Devices in Brute-Force Attacks
    Alani, Mohammed M.
    PROCEEDINGS OF THE 6TH INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY: IOT AND SMART CITY (ICIT 2018), 2018, : 140 - 144
  • [7] A BRUTE-FORCE POLARIZED PROTON TARGET AS AN APPLICATION OF A VERSATILE BRUTE-FORCE POLARIZATION FACILITY
    AURES, R
    HEERINGA, W
    KLAGES, HO
    MASCHUW, R
    SCHMIDT, FK
    ZEITNITZ, B
    NUCLEAR INSTRUMENTS & METHODS IN PHYSICS RESEARCH SECTION A-ACCELERATORS SPECTROMETERS DETECTORS AND ASSOCIATED EQUIPMENT, 1984, 224 (03): : 347 - 354
  • [8] Mitigating Brute-force Attacks on Bloom-filter Based Forwarding
    Alzahrani, Bander A.
    Vassilakis, Vassilios G.
    Reed, Martin J.
    2013 CONFERENCE ON FUTURE INTERNET COMMUNICATIONS (CFIC), 2013,
  • [9] Why Botnets Work: Distributed Brute-Force Attacks Need No Synchronization
    Salamatian, Salman
    Huleihel, Wasim
    Beirami, Ahmad
    Cohen, Asaf
    Medard, Muriel
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2019, 14 (09) : 2288 - 2299
  • [10] Universal Randomized Guessing With Application to Asynchronous Decentralized Brute-Force Attacks
    Merhav, Neri
    Cohen, Asaf
    IEEE TRANSACTIONS ON INFORMATION THEORY, 2020, 66 (01) : 114 - 129
12345