Protecting financial institutions from brute-force attacks


Abstract

We examine the problem of protecting online banking accounts from password brute-forcing attacks. Our method is to create a large number of honeypot userID-password pairs. Presentation of any of these honeypot credentials causes the attacker to be logged into a honeypot account with fictitious attributes. For the attacker to tell the difference between a honeypot and a real account, he must attempt to transfer money out. We show that it is simple to ensure that a brute-force attacker will encounter hundreds or even thousands of honeypot accounts for every real break-in. His activity in the honeypots provides the data by which the bank learns the attacker's attempts to tell real from honeypot accounts, and his cash-out strategy. © 2008 Springer Science+Business Media, LLC.


Herley, C., & Florêncio, D. (2008). Protecting financial institutions from brute-force attacks. In IFIP International Federation for Information Processing (Vol. 278, pp. 681–685). Springer New York. https://doi.org/10.1007/978-0-387-09699-5_45
