Protecting Financial Institutions From Brute-Force Attacks
PROCEEDINGS OF THE IFIP TC 11/ 23RD INTERNATIONAL INFORMATION SECURITY CONFERENCE(2008)
摘要
We examine the problem, of protecting online banking accounts from password brute-forcing attacks. Our method is to create a large number of honeypot userID-password, pairs. Presentation of any of these honeypot credentials causes the attacker to be logged into a honeypot account with fictitious attributes. For the attacker to tell the difference between a honeypot and a real account lie must attempt to transfer money out. We show that is simple to ensure that a brute-force attacker will encounter hundreds or even. thousands of honeypot accounts for every real break-in. His activity in the honeypots provides the data by which the bank learns the attackers attempts to tell real from honeypot accounts, and his cash. out strategy.
更多查看译文
关键词
wa,microsoft research one microsoft way redmond
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络