Fast Network-Based Brute-Force Detection

Today, the Internet is a crucial business factor for most companies. Different traditional business divisions like distance selling or money transfers enhanced or even switched to the Internet, others emerged directly from it and a billion dollar business evolved over the past years. Therefore, the high fiscal values are alluring criminals. Attacks with the aid of the Internet can be executed from a safe distance, different (or even missing) IT laws in different countries are hampering the transboundary criminal execution. For example, brute-force attacks to gain access to systems and servers are still a popular and successful attack type. After gaining access, sensitive data can be copied, spyware can be installed, etc. Current protection mechanisms require extensive administration or can reduce network performance. Therefore, we propose a new architecture for network-based brute-force detection in encrypted environments. The system evaluates the similarity of the network packet payload-sizes of different connections. No information about the encryption in use or the functionality of the authorization process is required. Based on the high similarity of rejected connections, an identification of bruteforce attacks is realized.