An architecture of unknown attack detection system against zero-day worm

Authors: Yangseo Choi, Ikkyun Kim, Jintae Oh, Byoungkoo Kim, Jongsoo Jang

Abstract: We have introduced the ZASMIN (Zeroday-Attack Signature Management Infrastructure) system, which is developed for novel network attack detection. This system provides an early warning at the moment attacks start to spread on the network and blocks the spread of the cyber attack by automatically generating a signature that can be used by a security appliance such as an IPS. ZASMIN adopts various new technologies -- suspicious traffic monitoring, attack validation, polymorphic worm recognition and signature generation -- for unknown attack detection. Because its hardware-based accelerator is also capable of dealing with gigabit-speed traffic, it can be applied at an Internet backbone or at the bottleneck point of a high-speed enterprise network without any loss of traffic. In this paper, after setting up a real testbed, we analyze the results of attack detection.
