Detecting targeted attacks using shadow honeypots

Authors: K. G. Anagnostakis, K. Xinidis, A. D. Keromytis, E. Markatos, S. Sidiroglou

DOI: 10.7916/D8WM1PS8

Keywords:

Abstract: We present Shadow Honeypots, a novel hybrid architecture that combines the best features of honeypots and anomaly detection. At a high level, we use a variety of anomaly detectors to monitor all traffic to a protected network/service. Traffic that is considered anomalous is processed by a "shadow honeypot" to determine the accuracy of the anomaly prediction. The shadow is an instance of the protected software that shares all internal state with a regular ("production") instance of the application, and is instrumented to detect potential attacks. Attacks against the shadow are caught, and any incurred state changes are discarded. Legitimate traffic that was misclassified will be validated by the shadow and will be handled correctly by the system transparently to the end user. The outcome of processing a request by the shadow is used to filter future attack instances and could be used to update the anomaly detector. Our architecture allows system designers to fine-tune systems for performance, since false positives will be filtered by the shadow. Contrary to regular honeypots, our architecture can be used both for server and client applications. We demonstrate the feasibility of our approach in a proof-of-concept implementation of the Shadow Honeypot architecture for the Apache web server and the Mozilla Firefox browser. We show that despite a considerable overhead in the instrumentation of the shadow honeypot (up to 20% for Apache), the overall impact on the system is diminished by the ability to minimize the rate of false positives.
