Honeypot-based Signature Generation for Polymorphic Worms
Similar resources
Honeypot-based Signature Generation for Polymorphic Worms
With the growing sophistication of computer worms, information security has become a prime concern for individuals, communities and organizations. Traditional signature-based IDS, though effective for known attacks, failed to handle unknown attacks promptly. This paper describes a novel honeypot system which isolates the suspicious traffic from normal traffic, and captures the most useful inform...
PolyS: Network-based Signature Generation for Zero-day Polymorphic Worms
With the growing sophistication of computer worms, it is very important to detect and prevent worms quickly and accurately in their early phase of infection. Traditional signature-based IDS, though effective for known attacks, failed to handle zero-day attacks promptly. Recent work on polymorphic worms does not guarantee accurate signatures in the presence of noise in suspicious flow samples....
Defending Polymorphic Worms in Computer Network using Honeypot
Polymorphic worms are a major threat to internet infrastructure security. In this mechanism we are using a gate translator, double honeypot, sticky honeypot, internal translator and the antivirus of Cloud AV, which attracts polymorphic worms. We are proposing an algorithm to detect and remove polymorphic worms and innocuous traffic related packets. Keywords: Polymorphic worm; Honeypot; Honeynet; Sticky h...
An Automated Signature Generation Approach for Polymorphic Worms Using Factor Analysis
Internet worms pose a major threat to Internet infrastructure security, and their destruction will be truly costly. Therefore, networks must be protected as much as possible against such attacks. In this paper we propose an automatic and accurate system for signature generation for unknown polymorphic worms. We have designed a novel double-honeynet system, which is able to detect new worms tha...
Behavioral Signature Generation using Shadow Honeypot
A novel behavioral detection framework is proposed to detect zero-day buffer overflow vulnerabilities (based on network behavioral signatures) using zero-day exploits, instead of the signature-based or anomaly-based detection solutions currently available for IDPS techniques. At first we present the detection model that uses a shadow honeypot. Our system is used for the online processing of netwo...
Journal
Journal title: International Journal of Security and Its Applications
Year: 2014
ISSN: 1738-9976,1738-9976
DOI: 10.14257/ijsia.2014.8.6.10