중부대학교 도서관

Contents Info

Characterizing and Detecting Password Guessing Attacks.

Publication, Distribution, etc. (Imprint: [S.l.] : Cornell University., 2024

Publication, Distribution, etc. (Imprint: Ann Arbor : ProQuest Dissertations & Theses, 2024

General Note: Source: Dissertations Abstracts International, Volume: 85-12, Section: B.

Summary, Etc.: 요약Modern authentication systems still mainly rely on passwords for authentication, but little is known about legitimate and malicious user behavior during the authentication process due to the difficulty of collecting information on such a sensitive field. Because passwords are hard to remember and often reused across websites, they are prone to remote guessing attacks in which an attacker iterates through a guess list of credentials, submitting them against a live login system; but existing defenses do not leverage password-based information because of the challenge of collecting such information in a secure way.We address this challenge first by developing a measurement framework called Gossamer for securely recording password-derived measurements, which we used to collect data on 34 million login requests at two universities. Then, we show how we used the data collected by Gossamer to develop a clustering approach called Arana that detects and groups login requests into attack campaigns. Finally, we explore existing timely attack detection mechanisms and evaluate them on Gossamer data along with three new detection methods based on Directed Anomaly Scoring. We also show that these detection methods are vulnerable to evasion attacks by an adaptive attacker.

גשמי
Reg No.	Call No.	מיקום	מצב	להשאיל מידע
TQ0034624	T	원문자료	열람가능/출력가능	열람가능/출력가능 마이폴더 부재도서신고

* הזמנות זמינים בספר ההשאלה. כדי להזמין, נא לחץ על כפתור ההזמנה

본문