TOPASE: Detection of brute force attacks used disciplined IPs from IDS log

In recent years, there exists stealthy brute force attacks that can avoid the security rules and detection by IPS (Intrusion Prevention System) and IDS (Intrusion Detection System). Attackers tend to arrange innumerable hosts and allocate them fewer login trials than the limitations the administrators have set. In this paper, we report a brute force attack event (Brute force attacks with disciplined IPs, DBF) by analyzing log with site-federated viewpoint analysis. The analyses can lead us to the structure of DBF and the existence of attackers behind the DBF. We also present TOPASE, which detect victim hosts of DBF. Combining TOPASE and shutting down based on the regularity of DBF can mitigate the DBFs to those victims.