Zero-Day Attack Signatures Detection Using Honeypot

Authors: Chirag S. Thaker, Reshma R. Patel

DOI:

Keywords: Computer network; Computer security; Malware; Honeypot; Longest common substring problem; Firewall (computing); Intrusion detection system; Network packet; Substring; Computer science; Zero-day attack

Abstract: Self-propagating malware, such as worms, has driven cyber attacks that compromise ordinary computer systems by exploiting memory-related vulnerabilities and thereby threaten whole networks. A new-generation worm could infect millions of hosts in a few minutes, making timely human intervention impossible. Worms spread over the network and their number is growing enormously, so we also face the problem of automatically and reliably detecting previously unknown (zero-day) attacks. In this paper we describe the use of a honeypot to detect zero-day attacks on a network. The paper addresses these attacks and proposes solutions that can stop infections in their early stages: a method for generating signatures with the proposed detection system is presented, and detected attacks are scanned through that system. Honeycomb is a host-based intrusion detection system that creates signatures automatically. It uses a honeypot to capture malicious traffic targeting dark (unused) address space, then applies the Longest Common Substring (LCS) algorithm to the packet content of a number of connections going to the same service. The computed substring is used as a candidate signature. The approach is well suited to extracting string-based signatures for automated firewall updates.
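The signature-generation step described in the abstract (group honeypot connections by the service they target, compute the longest common substring of their payloads, and treat a sufficiently long result as a candidate signature) is shown below as an added example. This is not code from the paper or from the Honeycomb system; the flows are constructed sample payloads, and the 16-byte minimum signature length and the pairwise-comparison strategy are assumptions chosen to illustrate the method.

```python
"""Honeycomb-style candidate signature generation (added example, not the
paper's code).  Flows captured by a honeypot are grouped by destination
port, payloads are compared pairwise with a longest-common-substring (LCS)
routine, and substrings at or above a minimum length become candidates."""
from collections import defaultdict
from itertools import combinations

# Constructed sample captures as (dst_port, payload); not real traffic.
# Two of the HTTP flows carry the same padded request and the same trailing
# bytes, mimicking an overflow attempt hitting different CGI scripts.
FLOWS = [
    (80, b"GET /index.html HTTP/1.0\r\nHost: a\r\n\r\n"),
    (80, b"GET /cgi-bin/x.cgi?" + b"A" * 20
         + b"\x90\x90\x90\xeb\x1f\x5e HTTP/1.0\r\n\r\n"),
    (80, b"POST /cgi-bin/y.cgi?" + b"A" * 20
         + b"\x90\x90\x90\xeb\x1f\x5e HTTP/1.1\r\n\r\n"),
    (445, b"\x00\x00\x00\x85\xffSMBr\x00\x00\x00\x00\x18\x53\xc8"),
]

# Assumption: substrings shorter than this are too likely to be protocol
# constants (e.g. b" HTTP/1.0\r\n") that also appear in benign traffic.
MIN_SIG_LEN = 16


def longest_common_substring(a: bytes, b: bytes) -> bytes:
    """Classic O(len(a) * len(b)) dynamic-programming LCS over byte strings.

    Keeps only the previous DP row, so memory is O(len(b)).  On ties the
    first maximal substring found (earliest end in `a`) is returned."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def candidate_signatures(flows, min_len=MIN_SIG_LEN):
    """Return {dst_port: {candidate_signature, ...}}.

    Connections are grouped by destination port (the "same service" in the
    abstract); every pair within a group is compared and any LCS of at least
    `min_len` bytes is kept as a candidate.  Ports with a single flow yield
    nothing, since there is nothing to compare against."""
    by_port = defaultdict(list)
    for port, payload in flows:
        by_port[port].append(payload)

    candidates = defaultdict(set)
    for port, payloads in by_port.items():
        for a, b in combinations(payloads, 2):
            lcs = longest_common_substring(a, b)
            if len(lcs) >= min_len:
                candidates[port].add(lcs)
    return dict(candidates)


if __name__ == "__main__":
    for port, sigs in candidate_signatures(FLOWS).items():
        for sig in sigs:
            print(f"port {port}: {len(sig)}-byte candidate {sig!r}")
```

With the sample flows only the two CGI requests share a long enough substring; the benign request's overlap with them (`b" HTTP/1.0\r\n"`, 11 bytes) falls under the threshold and is discarded, which is exactly the failure mode the minimum length exists to catch. In practice a candidate should also be checked against a corpus of known-good traffic for the same service before it is pushed into firewall or IDS rules, since a handful of honeypot connections can easily agree on a protocol constant rather than on attack content.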

References (7)
Niels Provos, "A virtual honeypot framework," USENIX Security Symposium, pp. 1-1, 2004.
David Dagon, Xinzhou Qin, Guofei Gu, Wenke Lee, Julian Grizzard, John Levine, Henry Owen, "HoneyStat: Local Worm Detection Using Honeypots," Recent Advances in Intrusion Detection (RAID), pp. 39-58, 2004, doi:10.1007/978-3-540-30143-1_3
Cristian Estan, George Varghese, Stefan Savage, Sumeet Singh, "Automated worm fingerprinting," Operating Systems Design and Implementation (OSDI), pp. 4-4, 2004.
Christian Kreibich, Jon Crowcroft, "Honeycomb: creating intrusion detection signatures using honeypots," ACM SIGCOMM Computer Communication Review, vol. 34, pp. 51-56, 2004, doi:10.1145/972374.972384
Dawn Xiaodong Song, James Newsome, "Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software," Network and Distributed System Security Symposium (NDSS), 2005.
Georgios Portokalidis, Asia Slowinska, Herbert Bos, "Argos," Proceedings of the 2006 EuroSys Conference (EuroSys '06), vol. 40, pp. 15-27, 2006, doi:10.1145/1217935.1217938
S. Pastrana, A. Orfila, A. Ribagorda, "A Functional Framework to Evade Network IDS," Hawaii International Conference on System Sciences (HICSS), pp. 1-10, 2011, doi:10.1109/HICSS.2011.12