International Business Machines Corporation
Detection of and defense against password spraying attacks

Abstract:

Detecting and defending against password spraying attacks is provided. Information is received regarding failed attempts to login to user accounts located on a target system of a network. Each password used to attempt a failed login to any of the user accounts located on the target system is recorded. It is determined whether a common password is used in a failed login attempt to a number of different user accounts located on the target system greater than or equal to a predetermined threshold. In response to determining that the common password was used in the failed login attempt to the number of different user accounts on the target system greater than or equal to the predetermined threshold, an alert is sent regarding a password spraying attack corresponding to the common password that resulted in the failed login attempt to the number of different user accounts located on the target system.