Brute Force vs. Hueristic Attacks - Understanding Basic Security Frameworks | Coursera

Explore all of Coursera

Browse
Top Courses
Log In
Join for Free

Brute Force vs. Hueristic Attacks

Loading...

Introduction to Cyber Attacks

New York University

4.7 (1,227 ratings) | 28K Students Enrolled

Course 1 of 4 in the Introduction to Cyber Security Specialization

Enroll for Free

This course provides learners with a baseline understanding of common cyber security threats, vulnerabilities, and risks. An overview of how basic cyber attacks are constructed and applied to real systems is also included. Examples include simple Unix kernel hacks, Internet worms, and Trojan horses in software utilities. Network attacks such as distributed denial of service (DDOS) and botnet- attacks are also described and illustrated using real examples from the past couple of decades. Familiar analytic models are outlined such as the confidentiality/integrity/availability (CIA) security threat framework, and examples are used to illustrate how these different types of threats can degrade real assets. The course also includes an introduction to basic cyber security risk analysis, with an overview of how threat-asset matrices can be used to prioritize risk decisions. Threats, vulnerabilities, and attacks are examined and mapped in the context of system security engineering methodologies.

Skills You'll Learn

Cybersecurity, Information Security (INFOSEC), Denial-Of-Service Attack (DOS), Risk Assessment

Reviews

4.7 (1,227 ratings)

5 stars
73%
4 stars
22%
3 stars
4%
2 stars
0%
1 star
1%

K

May 19, 2020

really good\n\ni have certified network security specialist\n\ncomptia sec + but this course cover some gaps\n\nreally very good course and instructor sis too good and teaching like our friend

AA

Feb 26, 2018

Great introduction to cybersecurity concepts with relevant supplemental material in the form of journal papers, magazine articles and supporting TED talks and videos. Highly recommended!

From the lesson

Understanding Basic Security Frameworks

This module introduces some fundamental frameworks, models, and approaches to cyber security including the CIA model.

Assignments and Reading2:53

Purpose of Cyber Security4:58

Adversary Types7:35

Vulnerability Types5:16

Threat Types5:22

Matching Quiz1:03

Matching Quiz Solution1:19

Confidentiality Threat6:06

Integrity Threat6:36

Availability Threat5:52

Fraud Threat5:15

Testing for Vultnerabilities4:58

Brute Force vs. Hueristic Attacks3:38

Crytanalysis5:07

Cryptanalyzing Caesar Cipher4:46

Welcome Jose Dominguez9:59

Taught By

Dr. Edward G. Amoroso
Research Professor, NYU and CEO, TAG Cyber LLC

Try the Course for Free

Transcript

There's two different types of attacks that we see in cyber security. The first is called brute force. That's where an attacker creates software, creates a system, creates some sort of an attack strategy that's literally going to try every possibility in some input set to try and break into your system. The obvious example here is passwords, right? So one possible way to break your password, [LAUGH] is try every password. And I know it sounds crazy, but that's why we try and lengthen the password that you're using. Make sure that it's of sufficient length and complexity that it's not easy for you to just try every possibility. If you have a three character password, then in my sleep I can write a program that will try all possibilities of three characters. So brute force attacks, it turns out, are things that are thwarted in cyber security by making size to domain. Now keep that in mind. Size becomes a means for dealing with brute force attacks. When someone asks you, hey, what's the strength of this cryptographic algorithm? Sometimes what they mean is, what's the size of the key? What's the domain, the number of keys that are possible? And it's considered strong if the domain size is very big, okay? So that's the first thing, brute force. The second type of attack that we often see in cyber is called a heuristic attack. A heuristic attack is a little different. That's where you're using your intelligence, you're using knowledge, you're using something called a shortcut. So where brute force, I write a program or I do something that runs through every possibility, heuristic attacks you say, I don't have time for that. I can't do it that way, I need a shortcut. I need some way of making the amount of time to attack your system reduced. Now the way we deal with heuristic attacks on the offensive side is not with size, but with complexity. I try and make whatever my scheme is that you're trying to break so complicated that you can't use your intelligence. So let's put those together. Brute force is about size. So if I see something that has a weakness in terms of, say, the number of keys in crypto, or the number of possibilities in terms of guessing, then that brute force nature would lead me to follow that approach. But if I see that you've accounted for that, then I'm going to use my intelligence and say wow, let's see if we can find a way to break the system without having to try all the possibilities. So, for example, let's take a dumb crypto example. If I said there are three characters to the keys, then duh, you use brute force. But if I try and make the key length real big then the question is, can I figure out the algorithm? Are you doing something really dumb? If it's a function, is F of 2, 4? F of 3, 6? F of 4, 8? I don't need to go through all the possibilities to see that you're doubling the domain input. So complexity and size are the two ways that we deal with these main two types cyber attacks. Brute force dealt with by size, heuristic dealt with by complexity. Keep that in mind, thanks.

Explore our Catalog

Join for free and get personalized recommendations, updates and offers.

Top Online Courses

AI for Everyone
Introduction to TensorFlow
Neural Networks and Deep Learning
Algorithms, Part 1
Algorithms, Part 2
Machine Learning
Machine Learning with Python
Machine Learning Using Sas Viya
R Programming
Intro to Programming with Matlab
Data Analysis with Python
AWS Fundamentals: Going Cloud Native
Google Cloud Platform Fundamentals
Site Reliability Engineering
Speak English Professionally
The Science of Well Being
Learning How to Learn
Financial Markets
Hypothesis Testing in Public Health
Foundations of Everyday Leadership

Top Online Specializations

Deep Learning
Python for Everybody
Data Science
Applied Data Science with Python
Business Foundations
Architecting with Google Cloud Platform
Data Engineering on Google Cloud Platform
Excel to MySQL
Advanced Machine Learning
Mathematics for Machine Learning
Self-Driving Cars
Blockchain Revolution for the Enterprise
Business Analytics
Excel Skills for Business
Digital Marketing
Statistical Analysis with R for Public Health
Fundamentals of Immunology
Anatomy
Managing Innovation and Design Thinking
Foundations of Positive Psychology

Online Certificates

Google IT Support
IBM Customer Engagement Specialist
IBM Data Science
Applied Project Management
IBM Applied AI Professional Certificate
Machine Learning for Analytics
Spatial Data Analysis and Visualization
Construction Engineering and Management
Instructional Design

Online Degree Programs

Master's in Data Science
Bachelors Degree in Computer Science
Computer Science and Engineering Degrees
Master's in Machine Learning
MBA and Business Degrees
Master's in Electrical Engineering
Master's in Public Health
Master's in Information Technology

Coursera

О проекте
Руководство
Карьера
Каталог
Сертификаты
Сертификаты MasterTrack™
Степени
Для организаций
Для правительственных организаций
Для стационара
Борьба с последствиями коронавируса

Community

Учащиеся
Партнеры
Разработчики
Бета-тестировщики
Переводчики
Блог
Технический блог

More

Условия
Конфиденциальность
Помощь
Доступность
Пресса
Контакты
Справочник
Филиалы

Get it on Google Play

© 2020 Coursera Inc. All rights reserved.