• Feb 07, 2023 News!JACN will adopt Article-by-Article Work Flow. The benefit of article-by-article workflow is that a delay with one article may not delay the entire issue. Once a paper steps into production, it will be published online soon.   [Click]
  • May 30, 2022 News!JACN Vol.10, No.1 has been published with online version.   [Click]
  • Dec 24, 2021 News!Volume 9 No 1 has been indexed by EI (inspec)!   [Click]
General Information
    • ISSN: 1793-8244 (Print)
    • Abbreviated Title:  J. Adv. Comput. Netw.
    • Frequency: Semiyearly
    • DOI: 10.18178/JACN
    • Editor-in-Chief: Professor Haklin Kimm
    • Executive Editor: Ms. Cherry Chan
    • Abstracting/ Indexing: EBSCO, ProQuest, and Google Scholar.
    • E-mail: jacn@ejournal.net
    • APC: 500USD
Professor Haklin Kimm
East Stroudsburg University, USA
I'm happy to take on the position of editor in chief of JACN. We encourage authors to submit papers on all aspects of computer networks.

JACN 2014 Vol.2(4): 279-286 ISSN: 1793-8244
DOI: 10.7763/JACN.2014.V2.126

Detection of Novel-Type Brute Force Attacks Used Ephemeral Springboard IPs as Camouflage

Satomi Honda, Yuki Unno, Koji Maruhashi, Masahiko Takenaka, and Satoru Torii

Abstract—In recent years, the way of brute force attacks has become more tactical and tricky to avoid being detected by intrusion detection or prevention systems (IDS/IPS). In this paper, we show that we have detected three organized or systematic brute force attack instances from actual network monitoring logs by visualization focused on source IPs and detection time. One of the instances shows that specific terminals have been attacked used innumerable IPs for a long time. These IPs were like ephemeral because they had appeared almost only one time. We also propose a new system, DEMITASSE, for detecting such terminals in the earlier phase and mitigating the damage caused by brute force attacks used ephemeral IPs. We conduct feasibility studies with our logs and evaluate DEMITASSE can detect and mitigate that kind of attacks effectively.

Index Terms—Log analysis, brute force attacks, network monitoring, network security.

The authors are with the Fujitsu Laboratories LTD., 4-1-1, Kamikodanaka, Nakahara-ku, Kawasaki, Kanagawa, 211-8588, Japan (e-mail: honda.satomi@ jp.fujitsu.com).


Cite:Satomi Honda, Yuki Unno, Koji Maruhashi, Masahiko Takenaka, and Satoru Torii, "Detection of Novel-Type Brute Force Attacks Used Ephemeral Springboard IPs as Camouflage," Journal of Advances in Computer Networks vol. 2, no. 4, pp. 279-286, 2014.

Copyright © 2008-2024. Journal of Advances in Computer Networks.  All rights reserved.
E-mail: jacn@ejournal.net