| 基于流量特征的登录账号密码暴力破解攻击检测方法 |
| |
| 引用本文: | 魏琴芳,杨子明,胡向东,张峰,郭智慧,付俊.基于流量特征的登录账号密码暴力破解攻击检测方法[J].西南农业大学学报,2017,39(7):149-154. |
| |
| 作者姓名: | 魏琴芳 杨子明 胡向东 张峰 郭智慧 付俊 |
| |
| 作者单位: | 1. 重庆邮电大学 通信与信息工程学院,重庆 400065; 2. 重庆邮电大学 自动化学院,重庆 400065; 3. 中国移动通信有限公司研究院,北京 100033 |
| |
| 基金项目: | 教育部-中国移动联合研究基金项目(MCM20150202);国家自然科学科学基金项目(6117029);重庆市教委科研项目(KJ1602201) |
| |
| 摘 要: | 针对暴力破解通过尝试用户所有可能的账号与密码组合来远程登录他人的信息设备或系统,使网络安全面临重大风险的问题,提出一种基于流量特征的远程登录暴力破解检测方法,通过获取通信流量的统计特征,基于进程数量过滤明显的攻击行为;利用数据包特征对数据进行深度分析和再检测.实验测试结果表明,该方法能识别出针对TELNET,SSH,FTP和RDP等协议的单机或分布式暴力破解行为,并能取得不低于98%的检测准确率.
|
| 关 键 词: | 暴力破解 流量特征 字典攻击 网络安全 |
A Remote Login-Focused Brute-Force Attack Detection Methods Based on Network Flow Characteristics |
| |
| WEI Qin-fang,YANG Zi-ming,HU Xiang-dong,ZHANG Feng,GUO Zhi-hui,FU Jun.A Remote Login-Focused Brute-Force Attack Detection Methods Based on Network Flow Characteristics[J].Journal of Southwest Agricultural University,2017,39(7):149-154. |
| |
| Authors: | WEI Qin-fang YANG Zi-ming HU Xiang-dong ZHANG Feng GUO Zhi-hui FU Jun |
| |
| Abstract: | As one of the main attack means of threatening network security, brute-force attack makes network security encounter large risk by trying all possible combinations of the user''s account and password to remotely log in someone''s equipment or system. In this paper, a remote login-focused brute-force attack detection method based on network flow characteristics is proposed, which filters out those obvious attacks based on process number by gaining the statistical features of overload, and makes deep analysis and re-detection based on the statistical features of packets. The results of an experiment show that the proposed method can distinguish the single or distributed brute-force attacks in remote login targeted TELNET, SSH, FTP and RDP, and has achieved a detection accuracy of no less than 98%. |
| |
| Keywords: | |
| 本文献已被 CNKI 等数据库收录! |
| 点击此处可从《西南农业大学学报》浏览原始摘要信息 |
| 点击此处可从《西南农业大学学报》下载免费的PDF全文 |
|
