Scalable monitor of malicious network traffic

Authors: David J. Plonka, Paul R. Barford, Vinod T. Yegneswaran

Abstract: A monitor of malicious network traffic attaches to unused addresses and monitors communications with an active responder that has constrained-state awareness to be highly scalable. In a preferred embodiment, the active responder provides a response based only on the previous statement from the source, which in most cases is sufficient to promote additional communication, presenting a complete record of the transaction for analysis and possible signature extraction.

References (14)
Brad Karp, Hyang-Ah Kim, Autograph: toward automated, distributed worm signature detection. USENIX Security Symposium, pp. 19-19 (2004)
Niels Provos, A virtual honeypot framework. USENIX Security Symposium, pp. 1-1 (2004)
Cristian Estan, George Varghese, Stefan Savage, Sumeet Singh, The EarlyBird System for Real-time Detection of Unknown Worms (2005)
Michael Bailey, Evan Cooke, Farnam Jahanian, Jose Nazario, David Watson, The Internet Motion Sensor - A Distributed Blackhole Monitoring System. Network and Distributed System Security Symposium (2005)
Mark Richard Enstone, James Anthony Cureington, Automated immune response for a computer (2005)
Kieran Gerard Sherlock, Luis Filipe Pereira Valente, Robert Allen Shaw, Geoffrey Cooper, Network monitor internals description (2001)
Thomas C. Stracener, John S. Flowers, Interoperability of vulnerability and intrusion detection systems (2007)
Christian Kreibich, Jon Crowcroft, Honeycomb: creating intrusion detection signatures using honeypots. ACM Special Interest Group on Data Communication, vol. 34, pp. 51-56 (2004), 10.1145/972374.972384