Worm Detection Using Honeypots

Authors: Dag Christoffersen, Bengt Jonny Mauland

Abstract: This thesis describes a project that utilizes honeypots to detect worms. A detailed description of existing worm detection techniques using honeypots is given, as well as a study of worm propagation models. Simulations of some of these models are also conducted. Although the results of the simulations coincide with collected data from an actual outbreak of a network worm, they conclude that it is difficult to produce realistic simulations prior to an outbreak. A mechanism called HoneyComb is incorporated in the honeypot setup installed at NTNU, and experiments are conducted to evaluate its effectiveness and reliability. The mechanism generated a large amount of false positives in the experiments, possibly due to an error discovered in the implementation of the algorithm. An architecture for detection of unknown worms is proposed. The architecture is based on a combination of two recently published systems and an extension referred to as the Known-Attack (KA) filter. By using this filter, it is believed that the traffic needed to be processed by the sensors will be considerably reduced.

References (32)
Bill Cheswick, The Design of a Secure Internet Gateway. USENIX Summer. pp. 233-238 (1990)
David Dagon, Xinzhou Qin, Guofei Gu, Wenke Lee, Worm Detection Using Local Networks. Georgia Institute of Technology. (2004)
James C. Frauenthal, Mathematical Modeling in Epidemiology. (1981)
C. Stoll, The Cuckoo's Egg. (1989)
Oleg Kolesnikov, Wenke Lee, Advanced Polymorphic Worms: Evading IDS by Blending in with Normal Traffic. Georgia Institute of Technology. (2005)
K. G. Anagnostakis, K. Xinidis, A. D. Keromytis, E. Markatos, S. Sidiroglou, P. Akritidis, Detecting Targeted Attacks Using Shadow Honeypots. USENIX Security Symposium. pp. 9-9 (2005), 10.7916/D8WM1PS8
Niels Provos, A Virtual Honeypot Framework. USENIX Security Symposium. pp. 1-1 (2004)
David Dagon, Xinzhou Qin, Guofei Gu, Wenke Lee, Julian Grizzard, John Levine, Henry Owen, HoneyStat: Local Worm Detection Using Honeypots. Recent Advances in Intrusion Detection. pp. 39-58 (2004), 10.1007/978-3-540-30143-1_3
Ke Wang, Gabriela Cretu, Salvatore J. Stolfo, Anomalous Payload-Based Worm Detection and Signature Generation. Lecture Notes in Computer Science. pp. 227-246 (2006), 10.1007/11663812_12