The method of detecting online password attacks based on high-level protocol analysis and clustering techniques

TL;DR

This paper introduces an unsupervised, network-based method for detecting online password attacks using high-level protocol analysis and clustering, aiming to improve security monitoring without host dependency.

Contribution

It presents a novel unsupervised detection approach based solely on network data, enhancing password attack detection in diverse and evolving systems.

Findings

Successfully implemented on real systems

Achieved positive detection results

Reduces reliance on host-based data

Abstract

Although there have been many solutions applied, the safety challenges related to the password security mechanism are not reduced. The reason for this is that while the means and tools to support password attacks are becoming more and more abundant, the number of transaction systems through the Internet is increasing, and new services systems appear. For example, IoT also uses password-based authentication. In this context, consolidating password-based authentication mechanisms is critical, but monitoring measures for timely detection of attacks also play an important role in this battle. The password attack detection solutions being used need to be supplemented and improved to meet the new situation. In this paper we propose a solution that automatically detects online password attacks in a way that is based solely on the network, using unsupervised learning techniques and protected application orientation. Our solution, therefore, minimizes dependence on the factors encountered by host-based or supervised learning solutions. The certainty of the solution comes from using the results of an in-depth analysis of attack characteristics to build the detection capacity of the mechanism. The solution was implemented experimentally on the real system and gave positive results.