RISK BASED BRUTE-FORCE ATTACK PREVENTION
First Claim
1. A computer implemented method of reducing a probability for falsely classifying a legitimate authentication process conducted by a legitimate user as a password guessing attack, comprising:
using at least one processor for:
estimating a password guessing attack risk for an authentication process conducted by a user for accessing a secure service by performing the following for each of a plurality of failed access attempts in which the user provides incorrect authentication credentials:
calculate a risk score for a respective failed access attempt based on analysis of the incorrect authentication credentials provided during the respective failed access attempt;
update an authentication session score of the authentication process according to the calculated risk score; and
initiate at least one action in case the updated authentication session value exceeds at least one threshold value extracted from a security policy predefined for the secure service.
Abstract
A computerized method of reducing a probability for falsely classifying a legitimate authentication process conducted by a legitimate user as a password guessing attack, comprising estimating a password guessing attack risk for an authentication process conducted by a user for accessing a secure service by performing the following for each of a plurality of failed access attempts in which the user provides incorrect authentication credentials: (1) calculate a risk score for a respective failed access attempt based on analysis of the incorrect authentication credentials provided during the respective failed access attempt and (2) update an authentication session score of the authentication process according to the calculated risk score and initiate one or more actions in case the updated authentication session value exceeds one or more threshold values extracted from a security policy predefined for the secure service.
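An added sketch of the loop the abstract describes, not code from the patent: each failed attempt is scored from the credential that was typed, the session score is updated, and policy thresholds trigger actions. The scoring heuristic, the `COMMON` list, the threshold values and all names are assumptions; the text above does not say how the credential analysis is performed.

```python
from dataclasses import dataclass, field

# Constructed values: neither the list nor the thresholds come from the patent text.
COMMON = {"123456", "password", "qwerty", "letmein"}
POLICY = [(2.5, "captcha"), (6.0, "lockout")]  # (threshold, action)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def risk_score(attempt: str, earlier: list[str]) -> float:
    """Assumed heuristic: score one failed attempt from the credential itself."""
    if attempt in earlier:
        return 0.0  # same wrong password retried: no new guess was made
    if attempt.lower() in COMMON:
        return 3.0  # dictionary-style guess
    if any(edit_distance(attempt, e) <= 2 for e in earlier):
        return 0.5  # small variation of an earlier try: typo-like
    return 1.0      # unrelated new guess

@dataclass
class AuthSession:
    score: float = 0.0
    # Failed credentials live only in session memory; never log or persist them.
    failed: list[str] = field(default_factory=list)

    def record_failure(self, attempt: str) -> list[str]:
        """Score the attempt, update the session score, return triggered actions."""
        self.score += risk_score(attempt, self.failed)
        self.failed.append(attempt)
        return [action for threshold, action in POLICY if self.score > threshold]

def replay(attempts: list[str]) -> tuple[float, list[str]]:
    """Feed a sequence of failed attempts through one session."""
    session, actions = AuthSession(), []
    for attempt in attempts:
        actions = session.record_failure(attempt)
    return session.score, actions

if __name__ == "__main__":
    print(replay(["Tr0ub4dor&", "Tr0ub4dor&", "tr0ub4dor&3", "Tr0ub4dor&33"]))
    print(replay(["123456", "password", "qwerty"]))
```

Four typo-like failures leave the session below every threshold, while three dictionary guesses cross both; a plain failed-attempt counter set to lock at three would have locked out the first user as well.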
14 Claims
14. A system for reducing a probability for falsely classifying a legitimate authentication process conducted by a legitimate user as a password guessing attack, comprising:
a program store storing a code; and
at least one processor coupled to the program store for executing the stored code, the code comprising:
code instructions to estimate a password guessing attack risk for an authentication process conducted by a user for accessing a secure service by performing the following for each of a plurality of failed access attempts in which the user provides incorrect authentication credentials:
calculate a risk score for a respective failed access attempt based on analysis of the incorrect authentication credentials provided during the respective failed access attempt;
update an authentication session score of the authentication process according to the calculated risk score; and
initiate at least one action in case the updated authentication session value exceeds at least one threshold value extracted from a security policy predefined for the secure service.
Specification