Method and apparatus for detecting password attacks using modeling techniques
First Claim
1. A method of detecting intrusion attempts on a computing system, comprising:
creating a first mapping profile of a valid password, wherein the valid password is entered on a keyboard and the first mapping profile is dependent upon characters of the valid password;
storing the mapping profile in memory;
creating a second mapping profile of an entered password, wherein the entered password is entered on the keyboard and the second mapping profile is dependent upon characters of the entered password;
calculating a profile score by comparing the first mapping profile to the second mapping profile;
comparing the profile score to a threshold value; and
classifying the entered profile into one of two or more security classifications based upon the comparison between the profile score and the threshold value; and
wherein the first mapping and the second mapping each comprise;
comparing successive characters of the respective password;
assigning a value to each pair of successive characters based upon a keyboard characteristic corresponding to the pair of successive characters; and
generating a password mapping for the respective password based upon the assigned values and wherein the keyboard characteristic is the distance between keys of the keyboard representing the pair of characters.
Abstract
Provided is an apparatus and method for detecting fraudulent passwords so that computer break-in attempts can be distinguished from authorized users incorrectly entering their passwords. An actual password is mapped against a computer keyboard and the resultant data is stored in memory. The profile of an entered password is compared to the stored profile. If the profile of the entered password differs significantly from the stored profile, then the login attempt is flagged as an attempted intrusion. In one embodiment of the current invention, passwords are mapped according to the distance subsequent keystrokes are from each other. Different embodiments may have different mapping schemes. For example, mapping data may correspond to statistical data that corresponds to the likelihood that a particular character is typed by mistake when another character is intended.
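The key-distance embodiment described in the abstract, sketched as an added example (not code from the patent). The key coordinates, the positional mean-absolute-difference score, the `PENALTY` for unmapped keys or length mismatches, the `THRESHOLD`, the class labels and the sample passwords are all assumptions made for illustration.

```python
import math
from itertools import zip_longest

# Assumed layout: QWERTY digit/letter rows with approximate row stagger, in key widths.
ROWS = [("1234567890", 0.0), ("qwertyuiop", 0.5), ("asdfghjkl", 0.75), ("zxcvbnm", 1.25)]
KEY_POS = {ch: (col + offset, row)
           for row, (keys, offset) in enumerate(ROWS)
           for col, ch in enumerate(keys)}
PENALTY = 10.0    # assumed cost for an unmapped key or a missing/extra pair
THRESHOLD = 1.0   # assumed cut-off; a deployment would tune this on real login data

def key_distance(a, b):
    """Euclidean distance between the keys for two characters."""
    pa, pb = KEY_POS.get(a.lower()), KEY_POS.get(b.lower())
    if pa is None or pb is None:
        return PENALTY
    return math.hypot(pa[0] - pb[0], pa[1] - pb[1])

def mapping_profile(password):
    """One distance value per pair of successive characters."""
    return [key_distance(a, b) for a, b in zip(password, password[1:])]

def profile_score(stored, entered):
    """Mean absolute difference between two profiles, compared position by position."""
    if not stored and not entered:
        return 0.0
    total = sum(PENALTY if s is None or e is None else abs(s - e)
                for s, e in zip_longest(stored, entered))
    return total / max(len(stored), len(entered))

def classify(stored_profile, entered_password):
    """Classify a failed login attempt against the stored profile."""
    score = profile_score(stored_profile, mapping_profile(entered_password))
    return "probable_mistype" if score <= THRESHOLD else "suspected_intrusion"

if __name__ == "__main__":
    stored = mapping_profile("tiger42")  # constructed sample password
    for attempt in ("tiger43", "tifer42", "password", "123456"):
        print(attempt, classify(stored, attempt))
```

The stored profile is derived from the cleartext password and narrows the set of passwords that could have produced it, so it needs the same protection as the password itself. Because this sketch compares profiles position by position, a dropped or doubled character shifts every later pair and scores as a large deviation.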
Specification