How To Stop Brute Force Attack Using Neo4j - Printable Version
Source: Tricks Duniya (http://tricksduniya.com), Forum: COMPUTER ZONE (http://tricksduniya.com/forum-43.html) > Publisher & Developer Zone (http://tricksduniya.com/forum-73.html), Thread: How To Stop Brute Force Attack Using Neo4j (/thread-1571.html)
How To Stop Brute Force Attack Using Neo4j - Pammy - 05-12-2015

Brute force attacks are among the most common attacks used by hackers. This type of attack has compromised many online user credentials. Hackers use brute force attacks to target any website they can reach, ranging from Fortune 500 companies to very small websites. The aim of such attacks is mainly to compromise user information (including Social Security numbers, credit card data and bank account details) and to commit financial fraud using identity theft. Once hackers obtain this information they can misuse it by selling it on the black market, spamming and other unethical means. In this article we are going to discuss the use of a graph database for stopping brute force attacks.

What Is A Brute Force Attack?

In cryptography, a brute force attack is defined as an approach of systematically checking all possible passwords until the correct one is found. The time such an attack takes is proportional to the complexity of the password. Brute force attacks are typically performed with the help of a dictionary containing the most common usernames, passwords, English words and their variants. For example, some of the most commonly used passwords are listed below.
How To Identify That A Brute Force Attack Is In Progress?

There can be multiple approaches to identifying brute force attacks.

The most important thing in identifying such attacks is to capture enough information about each request. Some of the required information is:
Setting Up The Structure Of The Graph

The graph structure for this is going to be really simple, with just 2 types of nodes and 1 type of relationship.

User Nodes

Neo4j Cypher Queries To Create The Graph

The Neo4j database uses the Cypher query language to manipulate data. Below are some queries you can use to set up and retrieve data from the graph database.

Create a unique constraint on the attribute value level to avoid any duplicate nodes.

Code:
    CREATE CONSTRAINT ON (n:User) ASSERT n.uid IS UNIQUE;

Use the MERGE command to create nodes, since this ensures that a node is not created if it already exists.

Code:
    MERGE (u:User {uid:'JohnDoe'}) RETURN u

Cypher statement to create a WrongPasswordAttempt relation between an existing IP address node and an existing user node.

Code:
    MATCH (i:IP {ip:'1.2.3.4'}), (u:User {uid:'JohnDoe'})
    CREATE (i)-[:WrongPasswordAttempt]->(u)

Using Cypher Queries In Identifying The Attack In Progress

Query to identify the number of failed login attempts in the last 5 minutes from the IP (1.2.3.4):

Code:
    MATCH (n:IP {ip:'1.2.3.4'})-[r:WrongPasswordAttempt]->(b)

Query to identify the number of failed login attempts with a weak password in the last 5 minutes from the IP (1.2.3.4):

Code:
    MATCH (n:IP {ip:'1.2.3.4'})-[r:WrongPasswordAttempt]->(b)

In the above query the following identification parameters are used.
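The following is an added example, not code from the article or from Neo4j. It shows the detection side of the model described above: the two counting queries in assumed complete, parameterised form (the relationship properties `at` in epoch milliseconds and `weak`, the `$ip`/`$since` parameters and the threshold values are assumptions, not from the page), a small in-memory stand-in for the IP -[WrongPasswordAttempt]-> User graph so the logic runs offline, and a detection function whose window and counts are kept as run-time configurable values. Parameterising the query also keeps the client-supplied IP string out of the Cypher text.

```python
"""Sliding-window brute force detection over the User / IP / WrongPasswordAttempt model.

Added example. Assumptions not on the page: each WrongPasswordAttempt relationship
carries an epoch-millisecond property `at` and a boolean `weak`; queries take the
parameters $ip and $since; the threshold defaults are illustrative.
"""
from collections import defaultdict

# Assumed complete forms of the article's truncated counting queries (parameterised).
COUNT_FAILED = (
    "MATCH (n:IP {ip: $ip})-[r:WrongPasswordAttempt]->(:User) "
    "WHERE r.at >= $since "
    "RETURN count(r) AS WPACount"
)
COUNT_WEAK = (
    "MATCH (n:IP {ip: $ip})-[r:WrongPasswordAttempt]->(:User) "
    "WHERE r.at >= $since AND r.weak = true "
    "RETURN count(r) AS WPACount"
)


class Thresholds:
    """Tunable parameters: window length and the failed-attempt counts that trigger detection."""

    def __init__(self, window_ms=5 * 60 * 1000, wpa_count=10, weak_count=3):
        self.window_ms = window_ms      # "last 5 minutes" by default
        self.wpa_count = wpa_count      # total failed attempts from one IP
        self.weak_count = weak_count    # failed attempts that used a weak password


class InMemoryGraph:
    """Tiny offline stand-in for Neo4j: IP -[WrongPasswordAttempt {at, weak}]-> User."""

    def __init__(self):
        self.users = set()
        self.attempts = defaultdict(list)  # ip -> [(uid, at, weak)]

    def merge_user(self, uid):
        # Equivalent of MERGE (u:User {uid: $uid}): idempotent node creation.
        self.users.add(uid)

    def record_failure(self, ip, uid, at, weak):
        # The article's statement MATCHes an existing user node, so fail on unknown users.
        if uid not in self.users:
            raise KeyError(uid)
        self.attempts[ip].append((uid, at, weak))

    def count_failed(self, ip, since, weak_only=False):
        # Same predicate as COUNT_FAILED / COUNT_WEAK above.
        return sum(1 for _, at, weak in self.attempts[ip]
                   if at >= since and (weak or not weak_only))


def count_failed_neo4j(session, ip, now_ms, thresholds, weak_only=False):
    """Run the same count against a real neo4j driver session (session.run(query, **params))."""
    query = COUNT_WEAK if weak_only else COUNT_FAILED
    record = session.run(query, ip=ip, since=now_ms - thresholds.window_ms).single()
    return record["WPACount"]


def is_brute_force(graph, ip, now_ms, thresholds):
    """Flag an IP when either count inside the window reaches its configured threshold."""
    since = now_ms - thresholds.window_ms
    total = graph.count_failed(ip, since)
    weak = graph.count_failed(ip, since, weak_only=True)
    return total >= thresholds.wpa_count or weak >= thresholds.weak_count


def demo():
    """Constructed data: a fast attacker, stale history, and a slowed-down attacker."""
    g = InMemoryGraph()
    g.merge_user("JohnDoe")
    now = 1_000_000_000_000  # constructed "current time" in epoch ms
    # 8 failures from 1.2.3.4 in the last 2 minutes, 4 of them with weak passwords ...
    for i in range(8):
        g.record_failure("1.2.3.4", "JohnDoe", now - i * 15_000, weak=(i % 2 == 0))
    # ... plus 20 failures from an hour ago that fall outside the window.
    for i in range(20):
        g.record_failure("1.2.3.4", "JohnDoe", now - 3_600_000 - i, weak=False)
    # 5.6.7.8 spaces its 7 attempts 40 s apart to stay under the count threshold.
    for i in range(7):
        g.record_failure("5.6.7.8", "JohnDoe", now - i * 40_000, weak=False)
    t = Thresholds()
    return {
        "total_in_window": g.count_failed("1.2.3.4", now - t.window_ms),
        "weak_in_window": g.count_failed("1.2.3.4", now - t.window_ms, weak_only=True),
        "flagged": is_brute_force(g, "1.2.3.4", now, t),
        "flagged_loose": is_brute_force(g, "1.2.3.4", now, Thresholds(weak_count=5)),
        "slow_attacker_flagged": is_brute_force(g, "5.6.7.8", now, t),
    }
```

The `slow_attacker_flagged` result shows why the window and counts cannot be fixed once: an attacker that paces requests below the configured rate is not caught by this rule alone, which is the reason the article asks for these values to be adjustable at run time.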
The time duration and the number of failed attempts (WPACount) need to be analyzed based on application usage and load. In an ideal application these should be kept as configurable values that can be modified at run time when needed. This may sound trivial; however, once your application is built, most of your time will be spent analyzing and changing these parameters. Attackers typically use bots to launch brute force attacks, and once they learn your detection speed they may slow the attack down to stay below the radar.

Taking Action To Stop The Brute Force Attack

Once the attack is identified the action may seem obvious; however, you may want to choose it wisely, and there may be multiple actions required.
Scope For Improvement

This is just a preliminary setup for brute force attack detection. You may use the same idea and improve on it to get better detection and accuracy. This design may lead to some false positives, therefore a manual analysis is recommended before taking strong actions. Attackers are smart and they learn from your actions, therefore your system may need to be unpredictable and must be constantly tuned to detect and stop attacks.

Blocking the IP sounds like an obvious action; however, it may not always be the best choice if the attack is launched from a common service provider such as the Amazon EC2 cloud. Blocking such an IP may result in blocking many other good clients who are trying to reach you from the same IP.

We have not accounted for IP geolocation information in this solution. A much more complex and efficient detection could be done using geolocation. Let's say a user typically accesses your website from the USA, and all of a sudden you notice a login from another country. This may be a sign of suspicious activity and you may want to take action on it. Such an attack can be identified much faster if you have enough geolocation information and user behavior details in your graph.

Summary

The recent decade has been full of security threats and attacks on websites and online products. With increasing computing power attackers have become really powerful. This makes the job of a security professional even more difficult, since we need to be constantly looking for ways to protect our systems. I hope you will find the article useful in stopping brute force attacks. Please share your thoughts and opinions on this.