
Select a data set that provides real time exchange of threat data for cyber attacks.

anandam1992 edited this page May 21, 2018 · 1 revision

Selection of the Datasource

The datasource was chosen after thorough discussion and on the basis of real-world test cases. From that discussion we understood that, among the many types of attack in today's cyber world, brute-force / dictionary attacks are one of the most troublesome, yet least sophisticated, attacks it faces. Hence, we chose http://bruteforcers.net as our database. This datasource provides data on the brute-force attacks that have been made against a specific network.


Need

Rapid communication of threats, attacks and cyber security alerts helps to quickly detect, respond to and contain cyber-attacks. In-depth analysis can also be performed on the attacks and vulnerabilities to prevent future attacks and provide a solution.

Detecting Brute Force Attacks

Brute force attacks are difficult to stop, but they aren’t difficult to spot. Some of the methods to detect the attacks are as follows:

•Each failed login attempt records an HTTP 401 status code, so monitoring log files can let you know if you’re under attack.
•Several failed login attempts from the same IP address
•Logins with multiple username attempts from the same IP address
•Logins for a single account from many different IP addresses
•Failed login attempts from alphabetically sequential usernames and passwords
•Logins with a referring URL of someone’s mail
•Excessive bandwidth consumption over the course of a single session
•A large number of authentication failures
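The following is an added example, not code from this wiki: it applies three of the indicators above (repeated 401s from one IP, many usernames from one IP, one account targeted from many IPs) to constructed log lines. The log layout (Common Log Format with the submitted username in the third field), the thresholds and all names are assumptions.

```python
import re
from collections import defaultdict

def _line(ip, user, status):
    # Builds one constructed log line; the layout is an assumed Common Log Format.
    return f'{ip} - {user} [21/May/2018:10:00:00 +0000] "POST /login HTTP/1.1" {status} 512'

# Constructed sample input (documentation IP ranges, made-up usernames).
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "admin", 401)] * 6                          # one IP, repeated failures
    + [_line("198.51.100.9", u, 401) for u in ("alice", "bob", "carol")]  # one IP, many usernames
    + [_line(f"192.0.2.{i}", "dave", 401) for i in range(1, 4)]       # one account, many IPs
    + [_line("192.0.2.50", "erin", 401), _line("192.0.2.50", "erin", 200)]  # ordinary typo
)

LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "[^"]*" (\d{3}) ')

def detect(log_text, max_fails_per_ip=5, max_users_per_ip=3, max_ips_per_user=3):
    """Return the IPs and accounts whose failed logins reach the given thresholds."""
    fails_by_ip = defaultdict(int)
    users_by_ip = defaultdict(set)
    ips_by_user = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) != "401":   # only failed logins count; skip unparsable lines
            continue
        ip, user = m.group(1), m.group(2)
        fails_by_ip[ip] += 1
        if user != "-":                    # "-" means no username was logged
            users_by_ip[ip].add(user)
            ips_by_user[user].add(ip)
    return {
        "many_failures_from_ip": sorted(
            ip for ip, n in fails_by_ip.items() if n >= max_fails_per_ip),
        "many_usernames_from_ip": sorted(
            ip for ip, users in users_by_ip.items() if len(users) >= max_users_per_ip),
        "many_ips_for_account": sorted(
            user for user, ips in ips_by_user.items() if len(ips) >= max_ips_per_user),
    }

if __name__ == "__main__":
    for indicator, hits in detect(SAMPLE_LOG).items():
        print(indicator, hits)
```

The single failed login by "erin" stays below every threshold, so an ordinary mistyped password is not flagged.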

Prevention Methods

The simplest defense for Brute Force attacks is to maintain cyber hygiene like:

•Users should have complex passwords that are long and use a combination of letters, special characters, numbers and upper- and lower-case letters.

From an IT perspective, prevention measures include

•Locking a login page for a certain amount of time after failed logins,
•Extending the time between two logins when a wrong password is entered,
•Two-factor authentication,
•Using CAPTCHA to prevent automated attacks,
•Locking out an IP address with multiple failed logins.
•Using observed attack patterns to allocate control resources accordingly, so as to head off attack attempts
•Implementing a web application firewall and multi-layered firewalls, which would help to avoid such attacks

Though these steps may hinder some attacks, for persistent hackers they may just slow down their efforts, not stop them. And more sophisticated hackers, particularly those using botnets, can circumvent some of these measures. In fact, some prevention methods, such as locking accounts, can backfire. Perpetrators can abuse the security measure and lock out hundreds of user accounts and launch a denial of service (DoS) attack.

While not all cyber attacks can be thwarted, we can make it more difficult for attackers to follow through with malicious activity.

Hence we can conclude that the best way to detect a brute-force attack is through proper analysis and user sensitivity or attentiveness towards cyber hygiene.
