Research Article
BibTex RIS Cite

Kaba Kuvvet Saldırı Tespiti ve Teknik Analizi

Year 2019, , 61 - 69, 29.08.2019
https://doi.org/10.35377/saucis.02.02.561844

Abstract

Kaba kuvvet saldırıları, hedef sistemde kayıtlı şifre ve parolaları (bilgisayar kullanıcı bilgileri, kayıtlı kredi kartı bilgiler, sosyal hesap bilgileri, kurumsal bilgiler gibi) kırmak için en sık tercih edilen siber saldırı aracıdır. Kaba kuvvet saldırıları basit ve güvenilirdir. Bu nedenle geniş bir alanda kullanılmaktadır. Kaba kuvvet saldırıları yönelik yapılan çalışmaların büyük bir kısmı teorik ağırlıklı olup uygulama yönünden zayıf kalmaktadır. Bu çalışmada, resmi kurumda çalışan üst düzey yöneticinin kullandığı bilgisayara karşı yapılan gerçek bir kaba kuvvet saldırısının tespiti ve analizi yapılmıştır. Çalışma sonuçları itibari ile benzer saldırılara karşı kullanıcı farkındalığı yaratması açısından önemlidir.

References

  • Ö. M. Nesip ve A. Kaya, “Siber Güvenliğin Milli Güvenlik Açısından Önemi ve Alınabilecek Tedbirler,” Security Strategies Journal, pp. 9.18, 2013.
  • İ. Kara ve M. Aydos, “The Ghost In The System: Technıcal Analysıs Of Remote Access Trojan,” International Journal on Information Technologies & Security, pp.11.1, 2019.
  • İ. Kara ve M. Aydos, “Static and Dynamic Analysis of Third Generation Cerber Ransomware,” In 2018 International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT), pp. 12-17, IEEE, December, 2018.
  • K. Şahin, “Realizm Ve Liberalizm Işiğinda Siber Savaş ve Alternatif Bir Kavram Olarak Siber Bariş’in Değerlendirilmesi,” TURAN-SAM, 2017, 9.35, pp. 287-297.
  • A. Chris, “Advanced SQL injection in SQL server applications,” 2002.
  • B. Muhammet, G. Sebahattin, “Applications for detecting XSS attacks on different web platforms,” In: 2018 6th International Symposium on Digital Forensic and Security (ISDFS), pp. 1-6, IEEE, 2018.
  • H. J Loesch, A. Remscheid. “Brute force in molecular reaction dynamics: A novel technique for measuring steric effects,” The Journal of Chemical Physics, 93(7), pp. 4779-4790, 1990.
  • K. Mark AR, “When brute force fails: How to have less crime and less punishment,” Princeton University Press, 2009.
  • B. Roberto, “Brute-Force Mining of High-Confidence Classification Rules. In: KDD,” pp. 123-126, 1997.
  • W. Matt, et al. “Password cracking using probabilistic context-free grammars,” In: 2009 30th IEEE Symposium on Security and Privacy, pp. 391-405, IEEE, 2009.
  • S. Theodoros, et al. “A game theoretic defence framework against DoS/DDoS cyber attacks,” Computers & Security, 38, pp.39-50, 2013.
  • I. Alireza, O. Mohamed, R. Mohd, A. Fadlee, “Accurate ICMP traceback model under DoS/DDoS attack,” In: 15th International Conference on Advanced Computing and Communications (ADCOM 2007). pp. 441-446, IEEE, 2007.
  • J. Markus, “Modeling and preventing phishing attacks,” In: Financial Cryptography, 2005.
  • D. Rachna ve T. J. D. Marti, “Why phishing works,” In: Proceedings of the SIGCHI conference on Human Factors in computing systems, pp. 581-590, ACM, 2006.
  • B. Wu et all, “A survey of attacks and countermeasures in mobile ad hoc networks,” In Wireless network security, pp. 103-135, 2007.
  • İ. Kara, “Teslacrypt Fidye Yazılım Virüsünün Tespiti, Teknik Analizi ve Çözümü,” Uluslararası Yönetim Bilişim Sistemleri ve Bilgisayar Bilimleri Dergisi, 2.2: pp. 87-94.

Detection, Technical Analysis of Brute Force Attack

Year 2019, , 61 - 69, 29.08.2019
https://doi.org/10.35377/saucis.02.02.561844

Abstract

Brute force attack is the most frequently used cyberattack tool to break passwords stored in the target system (such as computer user information, credit card information, social account information, corporate information). Brute force attacks are simple and reliable. Therefore, they are widely used. The majority of the studies on the brute force attacks is theoretical and weak in practice. In this study, the detection and analysis of a real brute force attack against a computer used by a senior manager working in an official institution was performed. According to the research findings, the study is of importance in creating user awareness against similar attacks.

References

  • Ö. M. Nesip ve A. Kaya, “Siber Güvenliğin Milli Güvenlik Açısından Önemi ve Alınabilecek Tedbirler,” Security Strategies Journal, pp. 9.18, 2013.
  • İ. Kara ve M. Aydos, “The Ghost In The System: Technıcal Analysıs Of Remote Access Trojan,” International Journal on Information Technologies & Security, pp.11.1, 2019.
  • İ. Kara ve M. Aydos, “Static and Dynamic Analysis of Third Generation Cerber Ransomware,” In 2018 International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT), pp. 12-17, IEEE, December, 2018.
  • K. Şahin, “Realizm Ve Liberalizm Işiğinda Siber Savaş ve Alternatif Bir Kavram Olarak Siber Bariş’in Değerlendirilmesi,” TURAN-SAM, 2017, 9.35, pp. 287-297.
  • A. Chris, “Advanced SQL injection in SQL server applications,” 2002.
  • B. Muhammet, G. Sebahattin, “Applications for detecting XSS attacks on different web platforms,” In: 2018 6th International Symposium on Digital Forensic and Security (ISDFS), pp. 1-6, IEEE, 2018.
  • H. J Loesch, A. Remscheid. “Brute force in molecular reaction dynamics: A novel technique for measuring steric effects,” The Journal of Chemical Physics, 93(7), pp. 4779-4790, 1990.
  • K. Mark AR, “When brute force fails: How to have less crime and less punishment,” Princeton University Press, 2009.
  • B. Roberto, “Brute-Force Mining of High-Confidence Classification Rules. In: KDD,” pp. 123-126, 1997.
  • W. Matt, et al. “Password cracking using probabilistic context-free grammars,” In: 2009 30th IEEE Symposium on Security and Privacy, pp. 391-405, IEEE, 2009.
  • S. Theodoros, et al. “A game theoretic defence framework against DoS/DDoS cyber attacks,” Computers & Security, 38, pp.39-50, 2013.
  • I. Alireza, O. Mohamed, R. Mohd, A. Fadlee, “Accurate ICMP traceback model under DoS/DDoS attack,” In: 15th International Conference on Advanced Computing and Communications (ADCOM 2007). pp. 441-446, IEEE, 2007.
  • J. Markus, “Modeling and preventing phishing attacks,” In: Financial Cryptography, 2005.
  • D. Rachna ve T. J. D. Marti, “Why phishing works,” In: Proceedings of the SIGCHI conference on Human Factors in computing systems, pp. 581-590, ACM, 2006.
  • B. Wu et all, “A survey of attacks and countermeasures in mobile ad hoc networks,” In Wireless network security, pp. 103-135, 2007.
  • İ. Kara, “Teslacrypt Fidye Yazılım Virüsünün Tespiti, Teknik Analizi ve Çözümü,” Uluslararası Yönetim Bilişim Sistemleri ve Bilgisayar Bilimleri Dergisi, 2.2: pp. 87-94.
There are 16 citations in total.

Details

Primary Language Turkish
Subjects Communication and Media Studies
Journal Section Articles
Authors

İlker Kara 0000-0003-3700-4825

Publication Date August 29, 2019
Submission Date May 8, 2019
Acceptance Date July 11, 2019
Published in Issue Year 2019

Cite

IEEE İ. Kara, “Kaba Kuvvet Saldırı Tespiti ve Teknik Analizi”, SAUCIS, vol. 2, no. 2, pp. 61–69, 2019, doi: 10.35377/saucis.02.02.561844.

29070    The papers in this journal are licensed under a Creative Commons Attribution-NonCommercial 4.0 International License