JACN 2014 Vol.2(4): 279-286 ISSN: 1793-8244
DOI: 10.7763/JACN.2014.V2.126

Detection of Novel-Type Brute Force Attacks Used Ephemeral Springboard IPs as Camouflage

Satomi Honda, Yuki Unno, Koji Maruhashi, Masahiko Takenaka, and Satoru Torii
Abstract—In recent years, brute force attacks have become more tactical and tricky in order to avoid detection by intrusion detection or prevention systems (IDS/IPS). In this paper, we show that we detected three organized or systematic brute force attack instances in actual network monitoring logs by means of visualization focused on source IPs and detection time. One of the instances shows that specific terminals were attacked from innumerable IPs over a long time. These IPs were effectively ephemeral because they appeared almost only once. We also propose a new system, DEMITASSE, for detecting such terminals at an earlier phase and mitigating the damage caused by brute force attacks that use ephemeral IPs. We conduct feasibility studies with our logs and find that DEMITASSE can detect and mitigate this kind of attack effectively.

Index Terms—Log analysis, brute force attacks, network monitoring, network security.

The authors are with the Fujitsu Laboratories LTD., 4-1-1, Kamikodanaka, Nakahara-ku, Kawasaki, Kanagawa, 211-8588, Japan (e-mail: honda.satomi@jp.fujitsu.com).

Cite: Satomi Honda, Yuki Unno, Koji Maruhashi, Masahiko Takenaka, and Satoru Torii, "Detection of Novel-Type Brute Force Attacks Used Ephemeral Springboard IPs as Camouflage," Journal of Advances in Computer Networks, vol. 2, no. 4, pp. 279-286, 2014.
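
The pattern the abstract describes (a terminal attacked from many source IPs that almost all appear only once) can be looked for in alert logs with a simple per-destination count. The following is an added example, not the DEMITASSE algorithm or any code from the paper; the function name, thresholds, log layout and sample events are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

def build_sample_events():
    """Constructed IDS alerts as (timestamp, source IP, destination terminal)."""
    events = []
    for i in range(40):  # 40 distinct sources hit 10.0.0.5 over a month
        events.append((f"2014-01-{i % 28 + 1:02d}T03:00:00", f"198.51.100.{i + 1}", "10.0.0.5"))
    # two of those sources come back once more, so they are not single-use
    events.append(("2014-01-29T03:00:00", "198.51.100.1", "10.0.0.5"))
    events.append(("2014-01-29T04:00:00", "198.51.100.2", "10.0.0.5"))
    for i in range(40):  # one source hammering 10.0.0.9: conventional brute force
        events.append((f"2014-01-02T05:{i:02d}:00", "203.0.113.7", "10.0.0.9"))
    for i in range(3):   # low-volume background noise against 10.0.0.7
        events.append((f"2014-01-03T06:0{i}:00", f"192.0.2.{i + 1}", "10.0.0.7"))
    return events

SAMPLE_EVENTS = build_sample_events()

def ephemeral_source_targets(events, min_sources=20, min_single_ratio=0.9):
    """Flag terminals attacked by many sources that almost all appear only once.

    Both thresholds are illustrative assumptions, not values from the paper.
    """
    seen = Counter(src for _, src, _ in events)   # alerts per source, log-wide
    sources = defaultdict(set)
    times = defaultdict(list)
    for ts, src, dst in events:
        sources[dst].add(src)
        times[dst].append(ts)
    flagged = {}
    for dst, srcs in sources.items():
        single = sum(1 for s in srcs if seen[s] == 1)   # single-use sources
        ratio = single / len(srcs)
        if len(srcs) >= min_sources and ratio >= min_single_ratio:
            flagged[dst] = {"sources": len(srcs), "single_ratio": ratio,
                            "first": min(times[dst]), "last": max(times[dst])}
    return flagged

if __name__ == "__main__":
    for dst, info in ephemeral_source_targets(SAMPLE_EVENTS).items():
        print(dst, info)
```

A per-source rate limit would catch the single source hitting 10.0.0.9 but not the sources hitting 10.0.0.5, because no individual address there sends more than two alerts; grouping by destination is what exposes it.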
