DUAL COMBAT TECHNIQUE-BASED CYBER SYSTEMS PROTECTION AGAINST PASSWORD ATTACKS
DOI: https://doi.org/10.4314/njt.v43i4.11
Keywords: Cyber-System Protection, brute-force, Password attack, Dual Combat Technique, Cybersecurity, Application system security, System protection
Abstract
The rise in machine-enabled password attacks and the cost per record lost in an average data breach call for a more robust technique for combating password attacks. Organizations of different sizes and global reputation have been victims of cyber-attacks. The problem of cyber-attacks has drawn several research responses, with some results. This article presents the Dual Combat Technique-based Cyber-Systems protection against password attacks. The proposed system uses a three-tier model for detection, notification, and combat. The dual combat technique comprises the System Protection Model (SPM) and the User Protection Model (UPM). The SPM implements a time-delay algorithm driven by a geometric progression model, while the UPM uses a dual handshake method for data communication between the user and the server. In the first handshake, the UPM sends data to the Cyber-system server through an HTTP request over an SMS gateway to virtualize a user’s account upon a trigger by the attack detection model. In the second, deactivating the virtualization uses authentication of the user’s email and phone number. The resulting system introduces a time delay after a number of login attempts defined by a threshold value, and a user response action for account virtualization. Application testing over an eight-day period showed a success rate of 90.16% for the number of times the request response was induced, and 9.84% failed attempts.
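The two models described in the abstract, as an added sketch that is not the authors' implementation: a per-account geometric-progression delay (SPM) and a virtualization flag that is cleared only after both email and phone are authenticated (UPM). The threshold, first delay, ratio, cap, the reading of "virtualized" as refusing every password login, and all class and method names are assumptions made for illustration.

```python
import hmac

class DualCombatGuard:
    """Hypothetical per-account throttle (SPM) plus user-triggered virtualization (UPM)."""

    def __init__(self, threshold=3, first_delay=2.0, ratio=2.0, max_delay=3600.0):
        # All four parameters are assumed values; the abstract gives none.
        self.threshold, self.first_delay = threshold, first_delay
        self.ratio, self.max_delay = ratio, max_delay
        self.failures = {}        # account -> consecutive failed attempts
        self.locked_until = {}    # account -> time before which attempts are refused
        self.virtualized = set()  # accounts their owner has virtualized

    def delay_for(self, failures):
        """Geometric progression: first_delay * ratio**k, k = failures past the threshold."""
        if failures < self.threshold:
            return 0.0
        return min(self.first_delay * self.ratio ** (failures - self.threshold), self.max_delay)

    def attempt(self, account, supplied_digest, stored_digest, now):
        """Return 'ok', 'denied', 'delayed' or 'virtualized' (password hashing is out of scope)."""
        if account in self.virtualized:
            return "virtualized"
        if now < self.locked_until.get(account, 0.0):
            return "delayed"  # refused without evaluating the credential
        if hmac.compare_digest(supplied_digest, stored_digest):
            self.failures.pop(account, None)
            return "ok"
        n = self.failures[account] = self.failures.get(account, 0) + 1
        self.locked_until[account] = now + self.delay_for(n)
        return "denied"

    def attack_detected(self, account):
        """Detection tier: True once failures reach the threshold (notify the user here)."""
        return self.failures.get(account, 0) >= self.threshold

    def virtualize(self, account):
        """UPM first handshake: the user's reply to the notification virtualizes the account."""
        self.virtualized.add(account)

    def devirtualize(self, account, email_verified, phone_verified):
        """UPM second handshake: both email and phone must be authenticated."""
        if not (email_verified and phone_verified):
            return False
        self.virtualized.discard(account)
        self.failures.pop(account, None)
        self.locked_until.pop(account, None)
        return True
```

The clock is passed in as `now` so the delay schedule can be checked deterministically; a deployment would supply a monotonic time source and persist the counters.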
Copyright (c) 2024 Nigerian Journal of Technology

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.