NEW METHOD UT CHECKS SUSPICIOUS PATTERNS
The brute force and sheer scale of current Internet attacks put a heavy strain on classic methods of intrusion detection. Moreover, these methods aren’t prepared for the rapidly growing number of connected devices: scalability is a major issue. PhD researcher Rick Hofstede, of the University of Twente’s CTIT institute, proposes another way of monitoring Internet traffic, one that traces the attacks that actually have an effect rather than all the others. The open source software he developed is already being tested and used by several organizations around the world. Hofstede defends his PhD thesis on June 29.
Boldly trying a massive number of user names and passwords until you have that unique combination: that is an example of a ‘brute force’ Internet attack. Once access to the user’s computer has been gained, it can, in turn, be used for spreading illegal content or for performing a DDoS attack. Without knowing it, users turn into attackers this way. This type of attack takes place via web applications that are relatively vulnerable, like WordPress or Joomla, but also via Secure Shell (SSH), which enables remote login to a device. Check the contents of the data coming in, analyze network traffic and log files on every single computer: that’s the classic approach.
According to Rick Hofstede, this implies analyzing a vast amount of data that will never have any effect. Within the network of a larger organization, with probably tens of thousands of computers, smartphones and tablets connected, it will soon be impossible to check every single device.