Explore
For Enterprise
Join for Free
Log In

Browse
Search
For Enterprise
Log In
Join for Free

Brute Force vs. Hueristic Attacks

Loading...

Introduction to Cyber Attacks

New York University Tandon School of Engineering

4.7 (771 ratings) | 17K Students Enrolled

Course 1 of 4 in the Introduction to Cyber Security Specialization

This course provides learners with a baseline understanding of common cyber security threats, vulnerabilities, and risks. An overview of how basic cyber attacks are constructed and applied to real systems is also included. Examples include simple Unix kernel hacks, Internet worms, and Trojan horses in software utilities. Network attacks such as distributed denial of service (DDOS) and botnet- attacks are also described and illustrated using real examples from the past couple of decades. Familiar analytic models are outlined such as the confidentiality/integrity/availability (CIA) security threat framework, and examples are used to illustrate how these different types of threats can degrade real assets. The course also includes an introduction to basic cyber security risk analysis, with an overview of how threat-asset matrices can be used to prioritize risk decisions. Threats, vulnerabilities, and attacks are examined and mapped in the context of system security engineering methodologies.

Skills You'll Learn

Cybersecurity, Information Security (INFOSEC), Denial-Of-Service Attack (DOS), Risk Assessment

Reviews

4.7 (771 ratings)

5 stars
570 ratings
4 stars
166 ratings
3 stars
28 ratings
2 stars
6 ratings
1 star
1 ratings

RJ

May 03, 2019

It was fun and challenging. There were few areas were in the quiz where I need to google a few terms which I have not heard before. But other than that it was really fun. Learned a lot.

SD

Apr 24, 2018

its a awesome course.it fills us with knowledge and also spread awareness about different types of cyber attacks and how to prevent ourselves. it also adds my skills list to my resume.

From the lesson

Understanding Basic Security Frameworks

This module introduces some fundamental frameworks, models, and approaches to cyber security including the CIA model.

Assignments and Reading2:53

Purpose of Cyber Security4:58

Adversary Types7:35

Vulnerability Types5:16

Threat Types5:22

Matching Quiz1:03

Matching Quiz Solution1:19

Confidentiality Threat6:06

Integrity Threat6:36

Availability Threat5:52

Fraud Threat5:15

Testing for Vultnerabilities4:58

Brute Force vs. Hueristic Attacks3:38

Crytanalysis5:07

Cryptanalyzing Caesar Cipher4:46

Welcome Jose Dominguez9:59

Taught By

Dr. Edward G. Amoroso
Research Professor, NYU and CEO, TAG Cyber LLC

Transcript

There's two different types of attacks that we see in cyber security. The first is called brute force. That's where an attacker creates software, creates a system, creates some sort of an attack strategy that's literally going to try every possibility in some input set to try and break into your system. The obvious example here is passwords, right? So one possible way to break your password, [LAUGH] is try every password. And I know it sounds crazy, but that's why we try and lengthen the password that you're using. Make sure that it's of sufficient length and complexity that it's not easy for you to just try every possibility. If you have a three character password, then in my sleep I can write a program that will try all possibilities of three characters. So brute force attacks, it turns out, are things that are thwarted in cyber security by making size to domain. Now keep that in mind. Size becomes a means for dealing with brute force attacks. When someone asks you, hey, what's the strength of this cryptographic algorithm? Sometimes what they mean is, what's the size of the key? What's the domain, the number of keys that are possible? And it's considered strong if the domain size is very big, okay? So that's the first thing, brute force. The second type of attack that we often see in cyber is called a heuristic attack. A heuristic attack is a little different. That's where you're using your intelligence, you're using knowledge, you're using something called a shortcut. So where brute force, I write a program or I do something that runs through every possibility, heuristic attacks you say, I don't have time for that. I can't do it that way, I need a shortcut. I need some way of making the amount of time to attack your system reduced. Now the way we deal with heuristic attacks on the offensive side is not with size, but with complexity. I try and make whatever my scheme is that you're trying to break so complicated that you can't use your intelligence. So let's put those together. Brute force is about size. So if I see something that has a weakness in terms of, say, the number of keys in crypto, or the number of possibilities in terms of guessing, then that brute force nature would lead me to follow that approach. But if I see that you've accounted for that, then I'm going to use my intelligence and say wow, let's see if we can find a way to break the system without having to try all the possibilities. So, for example, let's take a dumb crypto example. If I said there are three characters to the keys, then duh, you use brute force. But if I try and make the key length real big then the question is, can I figure out the algorithm? Are you doing something really dumb? If it's a function, is F of 2, 4? F of 3, 6? F of 4, 8? I don't need to go through all the possibilities to see that you're doubling the domain input. So complexity and size are the two ways that we deal with these main two types cyber attacks. Brute force dealt with by size, heuristic dealt with by complexity. Keep that in mind, thanks.

Explore our Catalog

Join for free and get personalized recommendations, updates and offers.

Coursera provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online.

Products

Certificates
Catalog
MasterTrack™ Certificates
Degrees

Enterprise
Government

Community

Learners
Developers
Beta Testers
Translators
Tech Blog

Coursera

About
Careers
Partners
Press
Blog
Affiliates
Contact
Help

© 2019 Coursera Inc. All rights reserved.

Privacy
Terms
Accessibility
Directory