Honeycomb: creating intrusion detection signatures using honeypots

Authors: Christian Kreibich, Jon Crowcroft

DOI: 10.1145/972374.972384

Keywords: Host-based intrusion detection system, Computer science, Computer network, Honeypot, Protocol (object-oriented programming), Intrusion detection system, Anomaly-based intrusion detection system

Abstract: This paper describes a system for automated generation of attack signatures for network intrusion detection systems. Our system applies pattern-matching techniques and protocol conformance checks on multiple levels in the protocol hierarchy to network traffic captured on a honeypot system. We present results of running the system on an unprotected cable modem connection for 24 hours. The system successfully created precise traffic signatures that otherwise would have required the skills and time of a security officer to inspect the traffic manually.
