About: Flow-based detection of RDP brute-force attacks

Facets (new session)
Description
Metadata
Settings
- owl:sameAs
- Inference Rule:

About: Flow-based detection of RDP brute-force attacks Goto Sponge NotDistinct Permalink

An Entity of Type : http://linked.opendata.cz/ontology/domain/vavai/Vysledek, within Data Space : linked.opendata.cz associated with source document(s)

Attributes	Values
rdf:type	skos:Concept http://linked.opendata.cz/ontology/domain/vavai/Vysledek
Description	This paper describes a design and evaluation of a network-based detection of brute-force attacks on authentication of Microsoft Windows RDP. The network flow data provides sufficient information about communication of two nodes in network, even though the RDP communication is encrypted. An analysis was based on the network flow data collected in the Masaryk University network and host-based data from logs of a server with opened Remote Desktop Connection. These data helped us to improve the flow detection using the information gathered from the server event log. Despite the fact that RDP is encrypted, flow data gives us a sufficient amount of information to determine whether the connection is an authentication or regular remote desktop session. We implemented the attacks detection as a plugin for the widely used NfSen collector. The plugin is involved in the active defense of the network of Masaryk University. This paper describes a design and evaluation of a network-based detection of brute-force attacks on authentication of Microsoft Windows RDP. The network flow data provides sufficient information about communication of two nodes in network, even though the RDP communication is encrypted. An analysis was based on the network flow data collected in the Masaryk University network and host-based data from logs of a server with opened Remote Desktop Connection. These data helped us to improve the flow detection using the information gathered from the server event log. Despite the fact that RDP is encrypted, flow data gives us a sufficient amount of information to determine whether the connection is an authentication or regular remote desktop session. We implemented the attacks detection as a plugin for the widely used NfSen collector. The plugin is involved in the active defense of the network of Masaryk University. (en)
Title	Flow-based detection of RDP brute-force attacks Flow-based detection of RDP brute-force attacks (en)
skos:prefLabel	Flow-based detection of RDP brute-force attacks Flow-based detection of RDP brute-force attacks (en)
skos:notation	RIV/00216224:14610/13:00065720!RIV14-MV0-14610___
http://linked.open...avai/predkladatel	Ústav výpočetní techniky
http://linked.open...avai/riv/aktivita	P
http://linked.open...avai/riv/aktivity	P(VG20132015103)
http://linked.open...vai/riv/dodaniDat	2014
http://linked.open...aciTvurceVysledku	Vykopal, Jan Vizváry, Martin
http://linked.open.../riv/druhVysledku	D - Článek ve sborníku
http://linked.open...iv/duvernostUdaju	S - Úplné a pravdivé údaje nepodléhající ochraně podle zvláštních právních předpisů
http://linked.open...titaPredkladatele	Masarykova univerzita / Ústav výpočetní techniky
http://linked.open...dnocenehoVysledku	75327
http://linked.open...ai/riv/idVysledku	RIV/00216224:14610/13:00065720
http://linked.open...riv/jazykVysledku	eng - angličtina
http://linked.open.../riv/klicovaSlova	Remote Desktop Protocol; RDP; brute-force attack; intrusion detection; NetFlow; NfSen; bidirectional flow; dictionary attack (en)
http://linked.open.../riv/klicoveSlovo	NetFlow intrusion detection NfSen bidirectional flow RDP Remote Desktop Protocol brute-force attack dictionary attack
http://linked.open...ontrolniKodProRIV	[AB6AA3146721]
http://linked.open...v/mistoKonaniAkce	Brno
http://linked.open...i/riv/mistoVydani	Brno
http://linked.open...i/riv/nazevZdroje	Security and Protection of Information 2013
http://linked.open...in/vavai/riv/obor	IN
http://linked.open...ichTvurcuVysledku	2 (xsd:int)
http://linked.open...cetTvurcuVysledku	2 (xsd:int)
http://linked.open...vavai/riv/projekt	Cybernetic Proving Ground
http://linked.open...UplatneniVysledku	2013
http://linked.open...iv/tvurceVysledku	Vykopal, Jan Vizváry, Martin
http://linked.open...vavai/riv/typAkce	WRD - Světová
http://linked.open.../riv/zahajeniAkce	2013-05-22 (xsd:date)
number of pages	8 (xsd:int)
http://purl.org/ne...btex#hasPublisher	Univerzita obrany
https://schema.org/isbn	9788072319220
http://localhost/t...ganizacniJednotka	14610

Faceted Search & Find service v1.16.116 as of Feb 22 2024

Alternative Linked Data Documents: ODE Content Formats:

RDF

ODATA

Microdata

About

OpenLink Virtuoso version 07.20.3239 as of Feb 22 2024, on Linux (x86_64-pc-linux-gnu), Single-Server Edition (126 GB total memory, 82 GB memory in use)
Data on this page belongs to its respective rights holders.
Virtuoso Faceted Browser Copyright © 2009-2024 OpenLink Software