Flow-based detection of RDP brute-force attacks

The result's identifiers

  • Result code in IS VaVaI

    RIV/00216224:14610/13:00065720 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F13%3A00065720)

  • Result on the web

  • DOI - Digital Object Identifier

Alternative languages

  • Result language

    English

  • Original language name

    Flow-based detection of RDP brute-force attacks

  • Original language description

    This paper describes the design and evaluation of network-based detection of brute-force attacks on Microsoft Windows RDP authentication. Network flow data provides sufficient information about the communication between two nodes in a network, even though RDP communication is encrypted. The analysis was based on network flow data collected in the Masaryk University network and host-based data from the logs of a server with Remote Desktop Connection open. These data helped us to improve the flow detection using the information gathered from the server event log. Despite the fact that RDP is encrypted, flow data gives us a sufficient amount of information to determine whether a connection is an authentication or a regular remote desktop session. We implemented the attack detection as a plugin for the widely used NfSen collector. The plugin is involved in the active defense of the network of Masaryk University.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

    IN - Informatics

  • OECD FORD branch

Result continuities

  • Project

    VG20132015103: Cybernetic Proving Ground

  • Continuities

    P - Research and development project financed from public funds (with a link to CEP)

Others

  • Publication year

    2013

  • Confidentiality

    S - Complete and truthful data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Article name in the collection

    Security and Protection of Information 2013

  • ISBN

    9788072319220

  • ISSN

  • e-ISSN

  • Number of pages

    8

  • Pages from-to

    131-138

  • Publisher name

    Univerzita obrany

  • Place of publication

    Brno

  • Event location

    Brno

  • Event date

    May 22, 2013

  • Type of event by nationality

    WRD - Worldwide event

  • UT code for WoS article