Composite Hybrid Techniques For Defending Against Targeted Attacks

Authors: Stelios Sidiroglou, Angelos D. Keromytis

DOI: 10.1007/978-0-387-44599-1_10

Abstract: We investigate the use of hybrid techniques as a defensive mechanism against targeted attacks and introduce Shadow Honeypots, a novel architecture that combines the best features of honeypots and anomaly detection. At a high level, we use a variety of detectors to monitor all traffic to a protected network/service. Traffic that is considered anomalous is processed by a "shadow honeypot" to determine the accuracy of the prediction. The shadow is an instance of the protected software that shares internal state with a regular ("production") instance of the application, and is instrumented to detect potential attacks. Attacks are caught, and any incurred changes are discarded. Legitimate traffic that was misclassified will be validated and handled correctly by the system, transparently to the end user. The outcome of processing a request is used to filter future attack instances and could be used to update the detector.

References (58)
Yoichi Shinoda, Ko Ikai, Motomu Itoh. Vulnerabilities of passive internet threat monitors. USENIX Security Symposium, pp. 14-14 (2005).
Fabian Monrose, Moheeb Abu Rajab, Andreas Terzis. On the effectiveness of distributed worm monitoring. USENIX Security Symposium, pp. 15-15 (2005).
Brad Karp, Hyang-Ah Kim. Autograph: toward automated, distributed worm signature detection. USENIX Security Symposium, pp. 19-19 (2004).
Paul C. van Oorschot, Evangelos Kranakis, David Whyte. DNS-based Detection of Scanning Worms in an Enterprise Network. Network and Distributed System Security Symposium (2005).
V. N. Venkatakrishnan, Zhenkai Liang, Weiqing Sun, R. Sekar. One-Way Isolation: An Effective Approach for Realizing Safe Execution Environments. Network and Distributed System Security Symposium (2005).
Tzi-cker Chiueh, Alexey Smirnov. DIRA: Automatic Detection, Identification and Repair of Control-Hijacking Attacks. Network and Distributed System Security Symposium (2005).
Thomas Toth, Christopher Kruegel. Accurate buffer overflow detection via abstract payload execution. Recent Advances in Intrusion Detection, pp. 274-291 (2002). DOI: 10.1007/3-540-36084-0_15
Michael E. Locasto, Angelos D. Keromytis, Stelios Sidiroglou. Application communities: using monoculture for dependability. Hot Topics in System Dependability, pp. 9-9 (2005). DOI: 10.7916/D8WH30BW
Vern Paxson, Stuart Staniford, Nicholas Weaver. How to Own the Internet in Your Spare Time. USENIX Security Symposium, pp. 149-167 (2002).
Michael E. Locasto, Angelos D. Keromytis, Stelios Sidiroglou, Stephen W. Boyd. Building a reactive immune system for software services. USENIX Annual Technical Conference, pp. 11-11 (2005). DOI: 10.7916/D86D6562