Brute Force vs. Hueristic Attacks - Understanding Basic Security Frameworks | Coursera

For EnterpriseFor Students

Browse
Top Courses
Log In
Join for Free

Brute Force vs. Hueristic Attacks

Loading...

Introduction to Cyber Attacks

New York University

4.7 (1,616 ratings) | 36K Students Enrolled

Course 1 of 4 in the Introduction to Cyber Security Specialization

Enroll for Free

This course provides learners with a baseline understanding of common cyber security threats, vulnerabilities, and risks. An overview of how basic cyber attacks are constructed and applied to real systems is also included. Examples include simple Unix kernel hacks, Internet worms, and Trojan horses in software utilities. Network attacks such as distributed denial of service (DDOS) and botnet- attacks are also described and illustrated using real examples from the past couple of decades. Familiar analytic models are outlined such as the confidentiality/integrity/availability (CIA) security threat framework, and examples are used to illustrate how these different types of threats can degrade real assets. The course also includes an introduction to basic cyber security risk analysis, with an overview of how threat-asset matrices can be used to prioritize risk decisions. Threats, vulnerabilities, and attacks are examined and mapped in the context of system security engineering methodologies.

Skills You'll Learn

Cybersecurity, Information Security (INFOSEC), Denial-Of-Service Attack (DOS), Risk Assessment

Reviews

4.7 (1,616 ratings)

5 stars
74.38%
4 stars
20.73%
3 stars
3.58%
2 stars
0.74%
1 star
0.55%

SM

May 23, 2020

Dr.Amoroso\n\nwas really awesome I previously took a cybersecurity class in my college but never really learned much about the cyber attacks. It is a great class to start your cyber security journey.

K

May 18, 2020

really good\n\ni have certified network security specialist\n\ncomptia sec + but this course cover some gaps\n\nreally very good course and instructor sis too good and teaching like our friend

From the lesson

Understanding Basic Security Frameworks

This module introduces some fundamental frameworks, models, and approaches to cyber security including the CIA model.

Assignments and Reading2:53

Purpose of Cyber Security4:58

Adversary Types7:35

Vulnerability Types5:16

Threat Types5:22

Matching Quiz1:03

Matching Quiz Solution1:19

Confidentiality Threat6:06

Integrity Threat6:36

Availability Threat5:52

Fraud Threat5:15

Testing for Vultnerabilities4:58

Brute Force vs. Hueristic Attacks3:38

Crytanalysis5:07

Cryptanalyzing Caesar Cipher4:46

Welcome Jose Dominguez9:59

Taught By

Dr. Edward G. Amoroso
Research Professor, NYU and CEO, TAG Cyber LLC

Try the Course for Free

Transcript

There's two different types of attacks that we see in cyber security. The first is called brute force. That's where an attacker creates software, creates a system, creates some sort of an attack strategy that's literally going to try every possibility in some input set to try and break into your system. The obvious example here is passwords, right? So one possible way to break your password, [LAUGH] is try every password. And I know it sounds crazy, but that's why we try and lengthen the password that you're using. Make sure that it's of sufficient length and complexity that it's not easy for you to just try every possibility. If you have a three character password, then in my sleep I can write a program that will try all possibilities of three characters. So brute force attacks, it turns out, are things that are thwarted in cyber security by making size to domain. Now keep that in mind. Size becomes a means for dealing with brute force attacks. When someone asks you, hey, what's the strength of this cryptographic algorithm? Sometimes what they mean is, what's the size of the key? What's the domain, the number of keys that are possible? And it's considered strong if the domain size is very big, okay? So that's the first thing, brute force. The second type of attack that we often see in cyber is called a heuristic attack. A heuristic attack is a little different. That's where you're using your intelligence, you're using knowledge, you're using something called a shortcut. So where brute force, I write a program or I do something that runs through every possibility, heuristic attacks you say, I don't have time for that. I can't do it that way, I need a shortcut. I need some way of making the amount of time to attack your system reduced. Now the way we deal with heuristic attacks on the offensive side is not with size, but with complexity. I try and make whatever my scheme is that you're trying to break so complicated that you can't use your intelligence. So let's put those together. Brute force is about size. So if I see something that has a weakness in terms of, say, the number of keys in crypto, or the number of possibilities in terms of guessing, then that brute force nature would lead me to follow that approach. But if I see that you've accounted for that, then I'm going to use my intelligence and say wow, let's see if we can find a way to break the system without having to try all the possibilities. So, for example, let's take a dumb crypto example. If I said there are three characters to the keys, then duh, you use brute force. But if I try and make the key length real big then the question is, can I figure out the algorithm? Are you doing something really dumb? If it's a function, is F of 2, 4? F of 3, 6? F of 4, 8? I don't need to go through all the possibilities to see that you're doubling the domain input. So complexity and size are the two ways that we deal with these main two types cyber attacks. Brute force dealt with by size, heuristic dealt with by complexity. Keep that in mind, thanks.

Explore our Catalog

Join for free and get personalized recommendations, updates and offers.

Coursera Footer

Top Online Courses

Finding Purpose & Meaning in Life
Understanding Medical Research
Japanese for Beginners
Introduction to Cloud Computing
Foundations of Mindfulness
Fundamentals of Finance
Machine Learning
Machine Learning Using Sas Viya
The Science of Well Being
Covid-19 Contact Tracing
AI for Everyone
Financial Markets
Introduction to Psychology
Getting Started with AWS
International Marketing
C++
Predictive Analytics & Data Mining
UCSD Learning How to Learn
Michigan Programming for Everybody
JHU R Programming
Google CBRS CPI Training

Top Online Specializations

Natural Language Processing (NLP)
AI for Medicine
Good with Words: Writing & Editing
Infections Disease Modeling
The Pronounciation of American English
Software Testing Automation
Deep Learning
Python for Everybody
Data Science
Business Foundations
Excel Skills for Business
Data Science with Python
Finance for Everyone
Communication Skills for Engineers
Sales Training
Career Brand Management
Wharton Business Analytics
Penn Positive Psychology
Washington Machine Learning
CalArts Graphic Design

Online Certificates

Professional Certificates
MasterTrack Certificates
Google IT Support
IBM Data Science
Google Cloud Data Engineering
IBM Applied AI
Google Cloud Architecture
IBM Cybersecurity Analyst
Google IT Automation with Python
IBM z/OS Mainframe Practitioner
UCI Applied Project Management
Instructional Design Certificate
Construction Engineering and Management Certificate
Big Data Certificate
Machine Learning for Analytics Certificate
Innovation Management & Entrepreneurship Certificate
Sustainabaility and Development Certificate
Social Work Certificate
AI and Machine Learning Certificate
Spatial Data Analysis and Visualization Certificate

Online Degree Programs

Computer Science Degrees
Business Degrees
Public Health Degrees
Data Science Degrees
Bachelor's Degrees
Bachelor of Computer Science
MS Electrical Engineering
Bachelor Completion Degree
MS Management
MS Computer Science
MPH
Accounting Master's Degree
MCIT
MBA Online
Master of Applied Data Science
Global MBA
Master's of Innovation & Entrepreneurship
MCS Data Science
Master's in Computer Science
Master's in Public Health

Coursera

About
Leadership
Careers
Catalog
Certificates
MasterTrack™ Certificates
Degrees
For Enterprise
For Government
For Campus
Coronavirus Response

Community

Learners
Partners
Developers
Beta Testers
Translators
Blog
Tech Blog
Teaching Center

More

Terms
Privacy
Help
Accessibility
Press
Contact
Directory
Affiliates

Get it on Google Play

© 2020 Coursera Inc. All rights reserved.