Apparatus for Detecting Password Attacks Using Modeling Techniques
Abstract
Provided is an apparatus for detecting fraudulent passwords so that computer break-in attempts can be distinguished from authorized users incorrectly entering their passwords. An actual password is mapped against a computer keyboard and the resultant data is stored in memory. The profile of an entered password is compared to the stored profile. If the profile of the entered password differs significantly from the stored profile. then the login attempt is flagged as an attempted intrusion. In one embodiment of the current invention, passwords are mapped according to the distance subsequent keystrokes arc from each other. Different embodiments may have different mapping schemes. For example, mapping data may correspond to statistical data that corresponds to the likelihood that a particular character is typed by mistake when another character is intended.
Claims
exact text as granted — not AI-modified1 . A password protection system, comprising:
a first mapping profile corresponding to a valid password, wherein the valid password is entered on a keyboard and the first mapping profile is dependent upon characters of the valid password; a second mapping profile corresponding to an entered password, wherein the entered password is entered on the keyboard and the second mapping profile is dependent upon characters of the entered password; a profile score based upon a comparison of the first mapping profile and the second mapping profile. a threshold value: two or more security classifications; and logic for assigning the profile score to one of the two or more security classifications based upon a comparison between the profile score and the threshold value; wherein
each of the first and second mapping are generated by comparing successive characters of the respective password.
assigning a value to each pair of successive characters based upon a keyboard characteristic corresponding to the pair of successive characters, and
generating the respective password mapping based upon the assigned values; and
wherein the keyboard characteristic is the distance between keys of the keyboard representing the pair of characters.
2 . The system of claim 1 , wherein at least one of the security classifications represents an attempted intrusion.
3 . The system of claim 1 , wherein the profile score is also based upon whether or not any two successive characters of the entered password are transpositions of two, corresponding characters of the valid password.
4 . A computer program product for detecting intrusion attempts on a computing system, comprising:
a memory; logic, stored on the memory, for creating a first mapping profile of a valid password, wherein the valid password is entered on a keyboard and the first mapping profile is dependent upon characters of the valid password; logic, stored on the memory, for storing the mapping profile in a memory; logic, stored on the memory, for creating a second mapping profile of an entered password, wherein the entered password is entered on the keyboard and the second mapping profile is dependent upon characters of the entered password; logic, stored on the memory, for calculating a profile score by comparing the first mapping profile to the second mapping profile; logic, stored on the memory, for comparing the profile score to a threshold value; logic, stored on the memory, for classifying the entered profile into one of two or more security classifications based upon the comparison between the profile score and the threshold value; and logic, stored on the memory, for either enabling or preventing access to the computing system based upon the security classification; wherein the first mapping step and the second mapping step each comprise:
logic, stored on the memory, for comparing successive characters of the respective password;
logic, stored on the memory, for assigning a value to each pair of successive characters based upon a keyboard characteristic corresponding to the pair of successive characters; and
logic, stored on the memory, for generating a password mapping for the respective password based upon the assigned values; and
wherein the keyboard characteristic is the distance between keys of the keyboard representing the pair of characters.
5 . The computer program product of claim 4 , wherein at least one of the security classifications represents an intrusion attempt on the computing system.
6 . (The computer program product of claim 4 , wherein the second mapping further comprises:
logic, stored on the memory, for comparing the valid password to the entered password; and logic, stored on the memory, for determining when a pair of characters in the entered password are a transposition of a corresponding pair of letters in the valid password; and, when there is a transposition, logic, stored on the memory, for adjusting the profile score.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.