Brute Force vs. Hueristic Attacks

Loading...

From the course by New York University Tandon School of Engineering

Introduction to Cyber Attacks

273 ratings

New York University Tandon School of Engineering

Introduction to Cyber Attacks

273 ratings

Course 1 of 4 in the Specialization Introduction to Cyber Security

This course provides learners with a baseline understanding of common cyber security threats, vulnerabilities, and risks. An overview of how basic cyber attacks are constructed and applied to real systems is also included. Examples include simple Unix kernel hacks, Internet worms, and Trojan horses in software utilities. Network attacks such as distributed denial of service (DDOS) and botnet- attacks are also described and illustrated using real examples from the past couple of decades. Familiar analytic models are outlined such as the confidentiality/integrity/availability (CIA) security threat framework, and examples are used to illustrate how these different types of threats can degrade real assets. The course also includes an introduction to basic cyber security risk analysis, with an overview of how threat-asset matrices can be used to prioritize risk decisions. Threats, vulnerabilities, and attacks are examined and mapped in the context of system security engineering methodologies.

From the lesson

Understanding Basic Security Frameworks

This module introduces some fundamental frameworks, models, and approaches to cyber security including the CIA model.

Assignments and Reading2:53

Purpose of Cyber Security4:58

Adversary Types7:35

Vulnerability Types5:16

Threat Types5:22

Matching Quiz1:03

Matching Quiz Solution1:19

Confidentiality Threat6:06

Integrity Threat6:36

Availability Threat5:52

Fraud Threat5:15

Testing for Vultnerabilities4:58

Brute Force vs. Hueristic Attacks3:38

Crytanalysis5:07

Cryptanalyzing Caesar Cipher4:46

Welcome Jose Dominguez9:59

Meet the Instructors

Dr. Edward G. Amoroso
Research Professor, NYU and CEO, TAG Cyber LLC
Computer Science

There's two different types of attacks that we see in cyber security.

The first is called brute force.

That's where an attacker creates software, creates a system,

creates some sort of an attack strategy that's literally going to try every

possibility in some input set to try and break into your system.

The obvious example here is passwords, right?

So one possible way to break your password, [LAUGH] is try every password.

And I know it sounds crazy, but that's why we try and

lengthen the password that you're using.

Make sure that it's of sufficient length and complexity that it's not easy for

you to just try every possibility.

If you have a three character password, then in my sleep I can write a program

that will try all possibilities of three characters.

So brute force attacks, it turns out,

are things that are thwarted in cyber security by making size to domain.

Now keep that in mind.

Size becomes a means for dealing with brute force attacks.

When someone asks you, hey, what's the strength of this cryptographic algorithm?

Sometimes what they mean is, what's the size of the key?

What's the domain, the number of keys that are possible?

And it's considered strong if the domain size is very big, okay?

So that's the first thing, brute force.

The second type of attack that we often see in cyber is called a heuristic attack.

A heuristic attack is a little different.

That's where you're using your intelligence, you're using knowledge,

you're using something called a shortcut.

So where brute force, I write a program or I do something that runs through

every possibility, heuristic attacks you say, I don't have time for that.

I can't do it that way, I need a shortcut.

I need some way of making the amount of time to attack your system reduced.

Now the way we deal with heuristic attacks on the offensive side is not with size,

but with complexity.

I try and make whatever my scheme is that you're trying to break so

complicated that you can't use your intelligence.

So let's put those together.

Brute force is about size.

So if I see something that has a weakness in terms of, say, the number of keys

in crypto, or the number of possibilities in terms of guessing,

then that brute force nature would lead me to follow that approach.

But if I see that you've accounted for that,

then I'm going to use my intelligence and say wow, let's see if we can find a way to

break the system without having to try all the possibilities.

So, for example, let's take a dumb crypto example.

If I said there are three characters to the keys, then duh, you use brute force.

But if I try and make the key length real big then the question is,

can I figure out the algorithm?

Are you doing something really dumb?

If it's a function, is F of 2, 4?

F of 3, 6?

F of 4, 8?

I don't need to go through all the possibilities to see that you're doubling

the domain input.

So complexity and size

are the two ways that we deal with these main two types cyber attacks.

Brute force dealt with by size, heuristic dealt with by complexity.

Keep that in mind, thanks.

Explore our Catalog

Join for free and get personalized recommendations, updates and offers.

Coursera provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online.

© 2018 Coursera Inc. All rights reserved.

Download on the App Store

Get it on Google Play