What's in a name? Using words' uniqueness to identify hackers in brute force attacks

Amit Rechavi; Tamar Berenblum

doi:10.5281/zenodo.3766652

What's in a name? Using words' uniqueness to identify hackers in brute force attacks

Amit Rechavi, Tamar Berenblum

Research output: Contribution to journal › Article › peer-review

Abstract

Do hacker subgroups share unique practices and knowledge? Is there a spatial characteristic to this sharing? The study investigates whether hackers who perform bmte force attacks (BFAs) from different countries (different IPs) use a spatially based corpus of words for usemames and passwords. The study explores the usage of975,000 usemames (UNs) and passwords (PWs) in bmte force attacks on honeypot (HP) computers. The results suggest that hacker subgroups attacking from different countries use different combinations of UNs and PWs, while a few attacks coming from different IPs share the same corpus of words. This significant result can help in tracing the source of BFAs by identifying and analyzing the terms used in such attacks.

Original language	English
Pages (from-to)	361-382
Number of pages	22
Journal	International Journal of Cyber Criminology
Volume	14
Issue number	1
DOIs	https://doi.org/10.5281/zenodo.3766652
State	Published - 1 Jan 2020
Externally published	Yes

Keywords

Brute force attacks (BFAs)
Hackers
Honeypot
Knowledge exchange
SNA

Access to Document

10.5281/zenodo.3766652

Cite this

@article{6e1aa603f008488ab5333b9de19f3685,

title = "What's in a name? Using words' uniqueness to identify hackers in brute force attacks",

abstract = "Do hacker subgroups share unique practices and knowledge? Is there a spatial characteristic to this sharing? The study investigates whether hackers who perform bmte force attacks (BFAs) from different countries (different IPs) use a spatially based corpus of words for usemames and passwords. The study explores the usage of975,000 usemames (UNs) and passwords (PWs) in bmte force attacks on honeypot (HP) computers. The results suggest that hacker subgroups attacking from different countries use different combinations of UNs and PWs, while a few attacks coming from different IPs share the same corpus of words. This significant result can help in tracing the source of BFAs by identifying and analyzing the terms used in such attacks.",

keywords = "Brute force attacks (BFAs), Hackers, Honeypot, Knowledge exchange, SNA",

author = "Amit Rechavi and Tamar Berenblum",

note = "Publisher Copyright: {\textcopyright} 2020 International Journal of Cyber Criminology.",

year = "2020",

month = jan,

day = "1",

doi = "10.5281/zenodo.3766652",

language = "אנגלית",

volume = "14",

pages = "361--382",

journal = "International Journal of Cyber Criminology",

issn = "0974-2891",

publisher = "K. Jaishankar",

number = "1",

}

TY - JOUR

T1 - What's in a name? Using words' uniqueness to identify hackers in brute force attacks

AU - Rechavi, Amit

AU - Berenblum, Tamar

PY - 2020/1/1

Y1 - 2020/1/1

N2 - Do hacker subgroups share unique practices and knowledge? Is there a spatial characteristic to this sharing? The study investigates whether hackers who perform bmte force attacks (BFAs) from different countries (different IPs) use a spatially based corpus of words for usemames and passwords. The study explores the usage of975,000 usemames (UNs) and passwords (PWs) in bmte force attacks on honeypot (HP) computers. The results suggest that hacker subgroups attacking from different countries use different combinations of UNs and PWs, while a few attacks coming from different IPs share the same corpus of words. This significant result can help in tracing the source of BFAs by identifying and analyzing the terms used in such attacks.

AB - Do hacker subgroups share unique practices and knowledge? Is there a spatial characteristic to this sharing? The study investigates whether hackers who perform bmte force attacks (BFAs) from different countries (different IPs) use a spatially based corpus of words for usemames and passwords. The study explores the usage of975,000 usemames (UNs) and passwords (PWs) in bmte force attacks on honeypot (HP) computers. The results suggest that hacker subgroups attacking from different countries use different combinations of UNs and PWs, while a few attacks coming from different IPs share the same corpus of words. This significant result can help in tracing the source of BFAs by identifying and analyzing the terms used in such attacks.

KW - Brute force attacks (BFAs)

KW - Hackers

KW - Honeypot

KW - Knowledge exchange

KW - SNA

UR - http://www.scopus.com/inward/record.url?scp=85085187538&partnerID=8YFLogxK

U2 - 10.5281/zenodo.3766652

DO - 10.5281/zenodo.3766652

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:85085187538

SN - 0974-2891

VL - 14

SP - 361

EP - 382

JO - International Journal of Cyber Criminology

JF - International Journal of Cyber Criminology

IS - 1

ER -

What's in a name? Using words' uniqueness to identify hackers in brute force attacks

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this