{"id":"https://openalex.org/W2902517157","doi":"https://doi.org/10.1145/3274694.3274714","title":"A Measurement Study of Authentication Rate-Limiting Mechanisms of Modern Websites","display_name":"A Measurement Study of Authentication Rate-Limiting Mechanisms of Modern Websites","publication_year":2018,"publication_date":"2018-12-03","ids":{"openalex":"https://openalex.org/W2902517157","doi":"https://doi.org/10.1145/3274694.3274714","mag":"2902517157"},"language":"en","primary_location":{"id":"doi:10.1145/3274694.3274714","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3274694.3274714","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3274694.3274714","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 34th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3274694.3274714","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5044220823","display_name":"Bo L\u00fc","orcid":"https://orcid.org/0000-0002-3807-7869"},"institutions":[{"id":"https://openalex.org/I52357470","display_name":"The Ohio State University","ror":"https://ror.org/00rs6vg23","country_code":"US","type":"education","lineage":["https://openalex.org/I52357470"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Bo Lu","raw_affiliation_strings":["The Ohio State University"],"affiliations":[{"raw_affiliation_string":"The Ohio State University","institution_ids":["https://openalex.org/I52357470"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071738824","display_name":"Xiaokuan Zhang","orcid":"https://orcid.org/0000-0002-4646-7146"},"institutions":[{"id":"https://openalex.org/I52357470","display_name":"The Ohio State University","ror":"https://ror.org/00rs6vg23","country_code":"US","type":"education","lineage":["https://openalex.org/I52357470"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiaokuan Zhang","raw_affiliation_strings":["The Ohio State University"],"affiliations":[{"raw_affiliation_string":"The Ohio State University","institution_ids":["https://openalex.org/I52357470"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084582505","display_name":"Ziman Ling","orcid":null},"institutions":[{"id":"https://openalex.org/I52357470","display_name":"The Ohio State University","ror":"https://ror.org/00rs6vg23","country_code":"US","type":"education","lineage":["https://openalex.org/I52357470"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ziman Ling","raw_affiliation_strings":["The Ohio State University"],"affiliations":[{"raw_affiliation_string":"The Ohio State University","institution_ids":["https://openalex.org/I52357470"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070946957","display_name":"Yinqian Zhang","orcid":"https://orcid.org/0000-0002-7585-1075"},"institutions":[{"id":"https://openalex.org/I52357470","display_name":"The Ohio State University","ror":"https://ror.org/00rs6vg23","country_code":"US","type":"education","lineage":["https://openalex.org/I52357470"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yinqian Zhang","raw_affiliation_strings":["The Ohio State University"],"affiliations":[{"raw_affiliation_string":"The Ohio State University","institution_ids":["https://openalex.org/I52357470"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5026864098","display_name":"Zhiqiang Lin","orcid":"https://orcid.org/0000-0001-6527-5994"},"institutions":[{"id":"https://openalex.org/I52357470","display_name":"The Ohio State University","ror":"https://ror.org/00rs6vg23","country_code":"US","type":"education","lineage":["https://openalex.org/I52357470"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhiqiang Lin","raw_affiliation_strings":["The Ohio State University"],"affiliations":[{"raw_affiliation_string":"The Ohio State University","institution_ids":["https://openalex.org/I52357470"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5044220823"],"corresponding_institution_ids":["https://openalex.org/I52357470"],"apc_list":null,"apc_paid":null,"fwci":2.3561,"has_fulltext":true,"cited_by_count":16,"citation_normalized_percentile":{"value":0.91729216,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"89","last_page":"100"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9912999868392944,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/login","display_name":"Login","score":0.779799222946167},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.7654848098754883},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.752607524394989},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7223705649375916},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.652852475643158},{"id":"https://openalex.org/keywords/password-cracking","display_name":"Password cracking","score":0.5170608162879944},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.42647600173950195},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.3552771210670471},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3259204030036926},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.32390302419662476},{"id":"https://openalex.org/keywords/authentication-protocol","display_name":"Authentication protocol","score":0.2801053524017334},{"id":"https://openalex.org/keywords/challenge\u2013response-authentication","display_name":"Challenge\u2013response authentication","score":0.1700248420238495}],"concepts":[{"id":"https://openalex.org/C113324615","wikidata":"https://www.wikidata.org/wiki/Q472302","display_name":"Login","level":2,"score":0.779799222946167},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.7654848098754883},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.752607524394989},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7223705649375916},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.652852475643158},{"id":"https://openalex.org/C3847113","wikidata":"https://www.wikidata.org/wiki/Q2746524","display_name":"Password cracking","level":5,"score":0.5170608162879944},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.42647600173950195},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3552771210670471},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3259204030036926},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.32390302419662476},{"id":"https://openalex.org/C21564112","wikidata":"https://www.wikidata.org/wiki/Q4825885","display_name":"Authentication protocol","level":3,"score":0.2801053524017334},{"id":"https://openalex.org/C131129157","wikidata":"https://www.wikidata.org/wiki/Q1059963","display_name":"Challenge\u2013response authentication","level":4,"score":0.1700248420238495}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3274694.3274714","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3274694.3274714","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3274694.3274714","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 34th Annual Computer Security Applications Conference","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3274694.3274714","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3274694.3274714","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3274694.3274714","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 34th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.75}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2902517157.pdf","grobid_xml":"https://content.openalex.org/works/W2902517157.grobid-xml"},"referenced_works_count":37,"referenced_works":["https://openalex.org/W762975277","https://openalex.org/W1267153886","https://openalex.org/W1488616864","https://openalex.org/W1603565383","https://openalex.org/W1605303397","https://openalex.org/W1667580224","https://openalex.org/W1921097329","https://openalex.org/W2000600322","https://openalex.org/W2007488200","https://openalex.org/W2019578814","https://openalex.org/W2030112111","https://openalex.org/W2054626033","https://openalex.org/W2073342447","https://openalex.org/W2086553822","https://openalex.org/W2091833612","https://openalex.org/W2105523261","https://openalex.org/W2109878465","https://openalex.org/W2111397260","https://openalex.org/W2123761123","https://openalex.org/W2125561172","https://openalex.org/W2125927592","https://openalex.org/W2131572598","https://openalex.org/W2134909295","https://openalex.org/W2135359429","https://openalex.org/W2196513764","https://openalex.org/W2318902448","https://openalex.org/W2341614611","https://openalex.org/W2350778671","https://openalex.org/W2380581874","https://openalex.org/W2396697587","https://openalex.org/W2399099022","https://openalex.org/W2463456957","https://openalex.org/W2490171383","https://openalex.org/W2538793708","https://openalex.org/W2575029217","https://openalex.org/W2680793898","https://openalex.org/W2793573497"],"related_works":["https://openalex.org/W137322897","https://openalex.org/W2989690789","https://openalex.org/W2555472429","https://openalex.org/W2054626033","https://openalex.org/W3031972324","https://openalex.org/W3048720371","https://openalex.org/W4245269869","https://openalex.org/W2906808255","https://openalex.org/W3131491961","https://openalex.org/W2556280578"],"abstract_inverted_index":{"Text":[0],"passwords":[1,23,202],"remain":[2],"a":[3,87,102,197],"primary":[4],"means":[5],"for":[6],"user":[7,22,199],"authentication":[8,75,211],"on":[9],"modern":[10],"computer":[11],"systems.":[12,46],"However,":[13],"recent":[14],"studies":[15,71],"have":[16,72],"shown":[17],"the":[18,29,34,109,113,118,132,138,166,170,181,204],"promises":[19],"of":[20,28,90,112,162],"guessing":[21],"efficiently":[24],"with":[25,200],"auxiliary":[26],"information":[27],"targeted":[30],"accounts,":[31],"such":[32,50,91],"as":[33,51],"users'":[35],"personal":[36],"information,":[37],"previously":[38],"used":[39,43],"passwords,":[40],"or":[41,157,173],"those":[42],"in":[44,131,137],"other":[45],"Authentication":[47],"rate-limiting":[48,76,114,182],"mechanisms,":[49],"account":[52,155,205],"lockout":[53,156],"and":[54,107],"login":[55,152,158,171],"throttling,":[56],"are":[57,143,188],"common":[58],"methods":[59],"to":[60,67,105,120,129,168,179],"defeat":[61],"online":[62,94],"password":[63,95],"cracking":[64],"attacks.":[65,213],"But":[66],"date,":[68],"no":[69],"published":[70],"investigated":[73],"how":[74],"is":[77,206],"implemented":[78],"by":[79],"popular":[80],"websites.":[81],"In":[82],"this":[83,98],"paper,":[84],"we":[85,100,126],"present":[86],"measurement":[88],"study":[89],"countermeasures":[92],"against":[93],"cracking.":[96],"Towards":[97],"end,":[99],"propose":[101],"black-box":[103],"approach":[104],"modeling":[106],"validating":[108],"websites'":[110],"implementation":[111],"mechanisms.":[115],"We":[116],"applied":[117],"tool":[119],"examine":[121],"all":[122],"182":[123],"websites":[124,136,147,164,187,194],"that":[125],"were":[127],"able":[128],"analyze":[130],"Alexa":[133],"Top":[134],"500":[135],"United":[139],"States.":[140],"The":[141,184],"results":[142],"rather":[144],"surprising:":[145],"131":[146],"(72%)":[148],"allow":[149],"frequent,":[150],"unsuccessful":[151],"attempts":[153],"without":[154],"throttling":[159],"(though":[160],"some":[161],"these":[163],"force":[165],"adversary":[167],"lower":[169],"frequency":[172],"constantly":[174],"change":[175],"his":[176],"IP":[177],"addresses":[178],"circumvent":[180],"enforcement).":[183],"remaining":[185],"51":[186],"not":[189],"absolutely":[190],"secure":[191],"either:":[192],"28":[193],"may":[195],"block":[196],"legitimate":[198],"correct":[201],"when":[203],"locked":[207],"out,":[208],"effectively":[209],"enabling":[210],"denial-of-service":[212]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":2}],"updated_date":"2026-02-25T23:00:34.991745","created_date":"2025-10-10T00:00:00"}