HoneyStat: Local Worm Detection Using Honeypots

Authors: David Dagon, Xinzhou Qin, Guofei Gu, Wenke Lee, Julian Grizzard

DOI: 10.1007/978-3-540-30143-1_3

Keywords: Computer security, Alert correlation, Intrusion detection system, Honeypot, False positive paradox, Noise (video), Data mining, Computer science, Alert management, Local area network

Abstract: Worm detection systems have traditionally used global strategies and focused on scan rates. The noise associated with this approach requires statistical techniques and large data sets (e.g., 2^20 monitored machines) to yield timely alerts and avoid false positives. Worm detection for smaller local networks has not been fully explored.

References (34 in total; the first 10 are listed below)
Debra Anderson, Thane Frivold, Alfonso Valdes, "Next-generation Intrusion Detection Expert System (NIDES): A Summary" (1997)
Xuxian Jiang, Dongyan Xu, "Collapsar: A VM-based Architecture for Network Attack Detention Center," USENIX Security Symposium, pp. 2-2 (2004)
Hervé Debar, Andreas Wespi, "Aggregation and Correlation of Intrusion-Detection Alerts," Recent Advances in Intrusion Detection (RAID), pp. 85-103 (2001), DOI: 10.1007/3-540-45474-8_6
Vern Paxson, Stuart Staniford, Nicholas Weaver, "How to Own the Internet in Your Spare Time," USENIX Security Symposium, pp. 149-167 (2002)
Niels Provos, "A Virtual Honeypot Framework," USENIX Security Symposium, pp. 1-1 (2004)
L. Spitzner, "Honeypots: Tracking Hackers" (2002)
Guofei Gu, M. Sharif, Xinzhou Qin, D. Dagon, Wenke Lee, G. Riley, "Worm Detection, Early Warning and Response Based on Local Victim Information," Annual Computer Security Applications Conference (ACSAC), pp. 136-145 (2004), DOI: 10.1109/CSAC.2004.51
Jonathan Lemon, "Kqueue: A Generic and Scalable Event Notification Facility," USENIX Annual Technical Conference, pp. 141-153 (2001)
Sarma Vangala, Kevin A. Kwiat, Lixin Gao, Jiang Wu, "An Effective Architecture and Algorithm for Detecting Worms with Various Scan.", Network and Distributed System Security Symposium (NDSS) (2004)
Vinod Yegneswaran, Paul Barford, Somesh Jha, "Global Intrusion Detection in the DOMINO Overlay System," Network and Distributed System Security Symposium (NDSS) (2004)