Intrusion detection in Honeynets by compression and hashing

Authors: Fahim H. Abbasi, R. J. Harris

DOI: 10.1109/ATNAC.2010.5680264

Keywords:

Abstract: This paper proposes the design of a behaviour-based Intrusion Detection System (IDS), adopting Fuzzy hashing and Normalized Compression Distance (NCD) to determine similarity in the behavioural profiles of worms and malware. The system runs in parallel with an existing knowledge or misuse-based IDS like Snort, but augments intrusion detection capabilities by revealing malicious behaviour activities within the Honeynet. The system integrates into the Honeynet, where network-based events will be trapped on the gateway device, while system-based events will be trapped on the Honeypot(s). Results from the prototype network components are also discussed.

References (28)
Brad Karp, Hyang-Ah Kim. Autograph: toward automated, distributed worm signature detection. USENIX Security Symposium, pp. 19-19 (2004).
S.C. Evans, B. Barnett. Network security through conservation of complexity. Military Communications Conference, vol. 2, pp. 1133-1138 (2002). DOI: 10.1109/MILCOM.2002.1179637
Cristian Estan, George Varghese, Stefan Savage, Sumeet Singh. Automated worm fingerprinting. Operating Systems Design and Implementation, pp. 4-4 (2004).
Halvar Flake. Structural Comparison of Executable Objects. DIMVA, pp. 161-173 (2004). DOI: 10.17877/DE290R-2007
Fabien Pouget, Marc Dacier. Honeypot-based forensics (2004).
Juan M. Estevez-Tapiador, Pedro Garcia-Teodoro, Jesus E. Diaz-Verdejo. Anomaly detection methods in wired networks: a survey and taxonomy. Computer Communications, vol. 27, pp. 1569-1584 (2004). DOI: 10.1016/J.COMCOM.2004.07.002
Amit Kulkarni, Stephen Bush. Detecting Distributed Denial-of-Service Attacks Using Kolmogorov Complexity Metrics. Journal of Network and Systems Management, vol. 14, pp. 69-80 (2006). DOI: 10.1007/S10922-005-9016-3
Robin Sommer, Vern Paxson. Enhancing byte-level network intrusion detection signatures with context. Computer and Communications Security, pp. 262-271 (2003). DOI: 10.1145/948109.948145
Christian Kreibich, Jon Crowcroft. Honeycomb: creating intrusion detection signatures using honeypots. ACM Special Interest Group on Data Communication, vol. 34, pp. 51-56 (2004). DOI: 10.1145/972374.972384