Experiences with the NoAH Honeynet Testbed to Detect new Internet Worms

Author: Jan Kohlrausch

DOI: 10.1109/IMF.2009.9

Keywords:

Abstract: Recently, major advances have been made in the area of honeypot technologies. These include the development of very accurate and reliable detection methods for unknown attacks targeted at memory corruption vulnerabilities and the design of efficient network architectures. Such architectures allow a large number of IP addresses to be monitored while applying advanced detection methods for zero-day exploits and new Internet worms. Such an architecture and detection method was developed by the NoAH research project, funded by the EU's Sixth Framework Programme for Research and Technological Development. A pilot testbed was set up to demonstrate its effectiveness in detecting well-known as well as new worms on the Internet. While the technical components are well understood, the interpretation and analysis of the resulting information is, to the best of our knowledge, still not fully explored by research projects. For the testbed, a critical test arose with the appearance of the W32.Conficker worm in November 2008. In this paper we present experimental results focusing on this worm, which is a widely spread and ongoing threat, and describe in detail the process starting from the first suspicion towards the capture of the malware.
