Detecting and Analyzing Zero-day Attacks using Honeypots

Cited by: 11
Authors
Musca, Constantin [1 ]
Mirica, Emma [1 ]
Deaconescu, Razvan [1 ]
Affiliations
[1] Univ Politehn Bucuresti, Dept Comp Sci & Engn, Bucharest, Romania
Keywords
honeypot; zero-day attacks; intrusion detection/prevention system;
DOI
10.1109/CSCS.2013.94
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline code
0812 ;
Abstract
Computer networks are overwhelmed by self-propagating malware (worms, viruses, trojans). Although the number of security vulnerabilities grows every day, the number of defense methods has not kept pace. The most delicate problem in the information security domain remains the detection of unknown attacks, known as zero-day attacks. This paper presents methods for isolating malicious traffic with a honeypot system and analyzing it in order to automatically generate attack signatures for the Snort intrusion detection/prevention system. The honeypot is deployed as a virtual machine, and its job is to log as much information as it can about the attacks. The logs are then collected remotely, over a secure connection, by a separate protected machine for analysis. The challenge is to mitigate the risk to which the honeypot exposes us while at the same time searching for unknown attacks.
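The abstract describes a pipeline (honeypot VM logs every connection, a protected analysis host pulls the logs, signatures for Snort are derived automatically) without giving the extraction algorithm. The following is an added illustration of that pipeline, not code from the paper: it assumes the honeypot exports one JSON object per connection (fields `ts`, `src`, `dport`, `payload_hex`), uses a longest-common-substring heuristic as the signature extractor, and rejects candidates that also occur in a small corpus of known-benign traffic so that a protocol constant such as `HTTP/1.` is never emitted as a rule. All log records, addresses (TEST-NET-3) and payloads are constructed for the example.

```python
"""Derive Snort rules from honeypot captures (illustrative, not the paper's code).

Assumed export format from the honeypot: one JSON object per connection with
fields ts, src, dport and payload_hex.  Everything a honeypot receives is
unsolicited, so every record is treated as an attack sample.
"""
import json
from collections import defaultdict


def _rec(ts, src, dport, payload):
    """Build one constructed log record in the assumed export format."""
    return json.dumps({"ts": ts, "src": src, "dport": dport,
                       "payload_hex": payload.hex()})


# Constructed honeypot export: three probes against port 80 share a 16-byte
# fragment (".sh?cmd=" followed by eight 0x90 bytes); port 22 has a single
# probe and port 23 two unrelated ones, so only port 80 yields a rule.
SAMPLE_LOG = "\n".join([
    _rec(1, "203.0.113.5", 80, b"GET /cgi/a.sh?cmd=" + b"\x90" * 8 + b"AAAA HTTP/1.0\r\n\r\n"),
    _rec(2, "203.0.113.9", 80, b"POST /cgi/b.sh?cmd=" + b"\x90" * 8 + b"BBBBBBBB HTTP/1.1\r\n\r\n"),
    _rec(3, "203.0.113.77", 80, b"GET /cgi/c.sh?cmd=" + b"\x90" * 8 + b"CC HTTP/1.0\r\nHost: x\r\n\r\n"),
    _rec(4, "203.0.113.5", 22, b"SSH-2.0-probe\r\n"),
    _rec(5, "203.0.113.8", 23, b"root\r\n"),
    _rec(6, "203.0.113.8", 23, b"admin\r\n"),
])

# Constructed benign requests: any candidate signature found in these is a
# protocol constant, not an attack marker, and is discarded.
BENIGN = [
    b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    b"POST /form HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
]


def parse_log(text):
    """Group raw payload bytes by destination port."""
    by_port = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        by_port[int(rec["dport"])].append(bytes.fromhex(rec["payload_hex"]))
    return by_port


def longest_common_substring(payloads):
    """Return the longest byte string present in every payload (b"" if none).

    Brute force over the shortest sample; adequate for honeypot-sized inputs.
    """
    shortest = min(payloads, key=len)
    for length in range(len(shortest), 0, -1):
        for start in range(len(shortest) - length + 1):
            cand = shortest[start:start + length]
            if all(cand in p for p in payloads):
                return cand
    return b""


def snort_content(data):
    """Encode bytes for a Snort content:"..." option.

    Printable ASCII is emitted literally; non-printables and the characters
    Snort treats specially inside content (; \\ " |) go into a |XX XX| hex run.
    """
    out, hexrun = [], []

    def flush():
        if hexrun:
            out.append("|" + " ".join(f"{b:02X}" for b in hexrun) + "|")
            hexrun.clear()

    for b in data:
        if 0x20 <= b <= 0x7E and chr(b) not in ';\\"|':
            flush()
            out.append(chr(b))
        else:
            hexrun.append(b)
    flush()
    return "".join(out)


def generate_rules(log_text, benign=(), min_samples=2, min_len=8, base_sid=1000000):
    """Emit one Snort rule per port whose probes share a long enough fragment.

    base_sid starts in the range (>= 1,000,000) that Snort reserves for
    locally authored rules.
    """
    rules, sid = [], base_sid
    for port, payloads in sorted(parse_log(log_text).items()):
        if len(payloads) < min_samples:        # too few samples to generalise
            continue
        sig = longest_common_substring(payloads)
        if len(sig) < min_len:                 # too short: would match widely
            continue
        if any(sig in b for b in benign):      # protocol constant, not attack
            continue
        rules.append(
            f'alert tcp $EXTERNAL_NET any -> $HOME_NET {port} '
            f'(msg:"HONEYPOT auto-generated signature, port {port}"; '
            f'flow:to_server,established; content:"{snort_content(sig)}"; '
            f'sid:{sid}; rev:1;)')
        sid += 1
    return rules


if __name__ == "__main__":
    for rule in generate_rules(SAMPLE_LOG, BENIGN):
        print(rule)
```

Run as-is, the script prints a single rule for port 80 with `content:".sh?cmd=|90 90 90 90 90 90 90 90|"`. The two filters are the part a practitioner should not skip: a signature derived purely from honeypot traffic has never been tested against legitimate traffic, and without the benign corpus and minimum length the longest shared fragment between a handful of probes is often just the protocol framing.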
Pages: 543 / 548
Page count: 6