SweetBait: Zero-hour worm detection and containment using low- and high-interaction honeypots

Authors: Georgios Portokalidis, Herbert Bos

DOI: 10.1016/J.COMNET.2006.09.005

Keywords:

Abstract: As next-generation computer worms may spread within minutes to millions of hosts, protection via human intervention is no longer an option. We discuss the implementation of SweetBait, an automated protection system that employs low- and high-interaction honeypots to recognise and capture suspicious traffic. After discarding whitelisted patterns, it automatically generates worm signatures. To provide a low response time, the signatures may be immediately distributed to network intrusion detection and prevention systems. At the same time they are continuously refined for increased accuracy and lower false identification rates. By monitoring signature activity and predicting ascending or descending trends in virulence, we are able to sort signatures in order of urgency. As a result, the set of monitored and filtered signatures is managed in such a way that new and very active signatures are always included in the set, while the size of the set is bounded. SweetBait was deployed on medium-sized academic networks across the world and reacted to zero-day worms within minutes. Furthermore, we demonstrate how globally sharing signatures can help immunise parts of the Internet.
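The abstract describes three mechanisms that are easy to get wrong in practice: discarding whitelisted patterns before a candidate becomes a signature, ranking live signatures by activity and by whether their virulence is rising or falling, and keeping the monitored set bounded while guaranteeing that new and very active signatures stay in it. The following Python is an added illustration of that bookkeeping, written for this page; it is not SweetBait's code, and the urgency score (mean recent hit rate plus the last-interval trend), the grace period for new signatures, the whitelist entries and the traffic counts are all assumed example values, not the paper's.

```python
"""Bounded, urgency-ordered worm-signature set (illustration, not SweetBait's code)."""
from collections import deque
from dataclasses import dataclass

# Constructed whitelist: byte patterns that recur in benign traffic seen by the
# honeypots and must never be emitted as signatures (assumed example values).
WHITELIST = [b"GET / HTTP/1.1", b"SSH-2.0-"]


def is_whitelisted(pattern: bytes, whitelist=WHITELIST) -> bool:
    """A candidate is discarded if it contains a whitelisted pattern or is a
    substring of one: either way it would match legitimate traffic."""
    return any(w in pattern or pattern in w for w in whitelist)


@dataclass
class SigStats:
    pattern: bytes
    hits: deque          # hit counts of the last few closed intervals (bounded by maxlen)
    current: int = 0     # hits in the interval that is still open
    age: int = 0         # closed intervals since the signature was added


class SignatureSet:
    """Keeps at most `capacity` signatures; re-ranks them at every interval boundary."""

    def __init__(self, capacity: int, window: int = 4, grace: int = 1):
        self.capacity, self.window, self.grace = capacity, window, grace
        self.sigs: dict[bytes, SigStats] = {}

    def add(self, pattern: bytes) -> bool:
        """Admit a generated signature unless it is whitelisted or already known."""
        if is_whitelisted(pattern) or pattern in self.sigs:
            return False
        self.sigs[pattern] = SigStats(pattern, deque(maxlen=self.window))
        return True

    def record(self, pattern: bytes, hits: int = 1) -> None:
        """Count matches reported by the detectors; hits on evicted signatures are ignored."""
        if pattern in self.sigs:
            self.sigs[pattern].current += hits

    @staticmethod
    def urgency(s: SigStats) -> float:
        """Assumed score: mean hits per interval plus the last-interval trend, so a
        rising signature outranks a waning one with the same recent volume."""
        recent = list(s.hits)
        rate = sum(recent) / max(len(recent), 1)
        trend = recent[-1] - recent[-2] if len(recent) >= 2 else 0
        return rate + trend

    def end_interval(self) -> list[bytes]:
        """Close the interval, re-rank, and evict the least urgent signatures beyond
        capacity. Signatures still within `grace` intervals of being added are
        evicted last, so a brand-new worm is never dropped in favour of old ones."""
        for s in self.sigs.values():
            s.hits.append(s.current)
            s.current = 0
            s.age += 1
        # Old, low-urgency signatures sort first; young ones sort after all old ones.
        order = sorted(self.sigs.values(), key=lambda s: (s.age <= self.grace, self.urgency(s)))
        evicted = []
        for victim in order:
            if len(self.sigs) <= self.capacity:
                break
            del self.sigs[victim.pattern]
            evicted.append(victim.pattern)
        return evicted

    def ranked(self) -> list[bytes]:
        """Signatures in order of urgency, most urgent first (the distribution order)."""
        return [s.pattern for s in sorted(self.sigs.values(), key=self.urgency, reverse=True)]


def demo() -> dict:
    """Constructed scenario: capacity 2; a waning worm and a steady one are joined by
    a new, fast-rising one. The waning signature must be the one evicted."""
    ss = SignatureSet(capacity=2, window=4, grace=1)
    assert ss.add(b"sig-old-waning") and ss.add(b"sig-steady")
    assert not ss.add(b"GET / HTTP/1.1\r\nHost: example")   # whitelisted, discarded
    evicted = []
    for old, steady in [(50, 10), (30, 10)]:             # two intervals, set not full
        ss.record(b"sig-old-waning", old)
        ss.record(b"sig-steady", steady)
        evicted += ss.end_interval()
    ss.add(b"sig-new-rising")                            # third interval: a new worm appears
    ss.record(b"sig-old-waning", 5)
    ss.record(b"sig-steady", 10)
    ss.record(b"sig-new-rising", 5)
    evicted += ss.end_interval()                         # over capacity: waning one goes
    ss.record(b"sig-steady", 10)                         # fourth interval: new worm surges
    ss.record(b"sig-new-rising", 40)
    evicted += ss.end_interval()
    return {"evicted": evicted, "ranked": ss.ranked(), "size": len(ss.sigs)}


if __name__ == "__main__":
    print(demo())
```

The grace period is what makes "new signatures are always included" hold: without it, a worm seen for the first time in an interval has a low hit count and would be the first candidate for eviction, which is exactly the zero-hour case the system exists for. The hard cap is still enforced because, once every old signature has been considered, young ones are evicted lowest-urgency first.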

References (36)
Jon Crowcroft, Antony Rowstron, Miguel Castro, Manuel Costa, "Can we contain Internet worms?", Association for Computing Machinery, pp. 7-, 2004.
Karl Levitt, Steven Cheung, Jeremy Frank, Raymond Yip, Rick Crawford, Mark Dilger, Stuart Staniford-Chen, Jim Hoagland, Jeff Rowe, Dan Zerkle, "The Design of GrIDS: A Graph-Based Intrusion Detection System", 2007.
Brad Karp, Hyang-Ah Kim, "Autograph: toward automated, distributed worm signature detection", USENIX Security Symposium, pp. 19-19, 2004.
Willem de Bruijn, Asia Slowinska, Kees van Reeuwijk, Tomas Hruby, Li Xu, Herbert Bos, "SafeCard: A Gigabit IPS on the Network Card", Lecture Notes in Computer Science, pp. 311-330, 2006, 10.1007/11856214_16.
G. Portokalidis, H.J. Bos, J.M. Slowinska, "Argos: an Emulator for Fingerprinting Zero-Day Attacks", 2006.
Xuxian Jiang, Dongyan Xu, "Collapsar: a VM-based architecture for network attack detention center", USENIX Security Symposium, pp. 2-2, 2004.
Georgios Portokalidis, Mihai Cristea, Willem de Bruijn, Herbert Bos, Trung Nguyen, "FFPF: fairly fast packet filters", Operating Systems Design and Implementation, pp. 24-24, 2004.
Vern Paxson, Stuart Staniford, Nicholas Weaver, "How to Own the Internet in Your Spare Time", USENIX Security Symposium, pp. 149-167, 2002.
K.G. Anagnostakis, M.B. Greenwald, S. Ioannidis, A.D. Keromytis, Dekai Li, "A cooperative immunization system for an untrusting Internet", International Conference on Networks, pp. 403-408, 2003, 10.1109/ICON.2003.1266224.
H. Bos, Kaiming Huang, "Towards Software-Based Signature Detection for Intrusion Prevention on the Network Card", Lecture Notes in Computer Science, pp. 102-123, 2006, 10.1007/11663812_6.