• Sep 17, 2018 News!Welcome to 2019 4th International Conference on Information and Network Technologies (ICINT 2019), which will be held in Kyoto, Japan during May 25-27, 2019.   [Click]
  • Jul 04, 2018 News!JACN Vol.6, No.1 has been published with online version.   [Click]
  • May 22, 2018 News!JACN has been included in EBSCO database.
General Information
    • ISSN: 1793-8244
    • Frequency: Semiyearly
    • DOI: 10.18178/JACN
    • Editor-in-Chief: Dr. Ka Wai Gary Wong
    • Executive Editor: Ms. Nina Lee
    • Abstracting/ Indexing: EI (INSPEC, IET),  Electronic Journals Library, Ulrich's Periodicals Directory, EBSCO, ProQuest, and Google Scholar.
    • E-mail: jacn@ejournal.net
Dr. Ka Wai Gary Wong
Division of Information and Technology Studies, Faculty of Education, The University of Hong Kong.
It's a honor to serve as the editor-in-chief of JACN. I'll work together with the editors and reviewers to help the journal progress
JACN 2014 Vol.2(4): 279-286 ISSN: 1793-8244
DOI: 10.7763/JACN.2014.V2.126

Detection of Novel-Type Brute Force Attacks Used Ephemeral Springboard IPs as Camouflage

Satomi Honda, Yuki Unno, Koji Maruhashi, Masahiko Takenaka, and Satoru Torii
Abstract—In recent years, the way of brute force attacks has become more tactical and tricky to avoid being detected by intrusion detection or prevention systems (IDS/IPS). In this paper, we show that we have detected three organized or systematic brute force attack instances from actual network monitoring logs by visualization focused on source IPs and detection time. One of the instances shows that specific terminals have been attacked used innumerable IPs for a long time. These IPs were like ephemeral because they had appeared almost only one time. We also propose a new system, DEMITASSE, for detecting such terminals in the earlier phase and mitigating the damage caused by brute force attacks used ephemeral IPs. We conduct feasibility studies with our logs and evaluate DEMITASSE can detect and mitigate that kind of attacks effectively.

Index Terms—Log analysis, brute force attacks, network monitoring, network security.

The authors are with the Fujitsu Laboratories LTD., 4-1-1, Kamikodanaka, Nakahara-ku, Kawasaki, Kanagawa, 211-8588, Japan (e-mail: honda.satomi@ jp.fujitsu.com).


Cite:Satomi Honda, Yuki Unno, Koji Maruhashi, Masahiko Takenaka, and Satoru Torii, "Detection of Novel-Type Brute Force Attacks Used Ephemeral Springboard IPs as Camouflage," Journal of Advances in Computer Networks vol. 2, no. 4, pp. 279-286, 2014.

Copyright © 2008-2018. Journal of Advances in Computer Networks.  All rights reserved.
E-mail: jacn@ejournal.net