The Nepenthes Platform: An Efficient Approach to Collect Malware

Authors: Paul Baecher, Markus Koetter, Thorsten Holz, Maximillian Dornseif, Felix Freiling

DOI: 10.1007/11856214_9

Keywords: Scalability, Effective solution, Malware, Computer security, Honeypot, Computer science, Software deployment, Intrusion detection system, Host (network), Service (systems architecture)

Abstract: Up to now, there is little empirically backed quantitative and qualitative knowledge about self-replicating malware publicly available. This hampers research in these topics because many counter-strategies against malware, e.g., network- and host-based intrusion detection systems, need hard empirical data to take full effect. We present the nepenthes platform, a framework for large-scale collection of information on self-replicating malware in the wild. The basic principle of nepenthes is to emulate only the vulnerable parts of a service. This leads to an efficient and effective solution that offers many advantages compared to other honeypot-based solutions. Furthermore, nepenthes offers a flexible deployment solution, leading to even better scalability. Using the nepenthes platform we and several other organizations were able to greatly broaden the empirical basis of data available about self-replicating malware and provide thousands of samples of previously unknown malware to vendors of host-based IDS/anti-virus systems. This greatly improves the detection rate of this kind of threat.
