Composite Hybrid Techniques For Defending Against Targeted Attacks

نویسندگان

  • Stelios Sidiroglou
  • Angelos D. Keromytis
چکیده

We investigate the use of hybrid techniques as a defensive mechanism against targeted attacks and introduce Shadow Honeypots, a novel hybrid architecture that combines the best features of honeypots and anomaly detection. At a high level, we use a variety of anomaly detectors to monitor all traffic to a protected network/service. Traffic that is considered anomalous is processed by a “shadow honeypot” to determine the accuracy of the anomaly prediction. The shadow is an instance of the protected software that shares all internal state with a regular (“production”) instance of the application, and is instrumented to detect potential attacks. Attacks against the shadow are caught, and any incurred state changes are discarded. Legitimate traffic that was misclassified will be validated by the shadow and will be handled correctly by the system transparently to the end user. The outcome of processing a request by the shadow is used to filter future attack instances and could be used to update the anomaly detector. Our architecture allows system designers to fine-tune systems for performance, since false positives will be filtered by the shadow. Contrary to regular honeypots, our architecture can be used both for server and client applications. We also explore the notion of using Shadow Honeypots in Application Communities in order to amortize the cost of instrumentation and detection across a number of autonomous hosts.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Design and Implementation of Linux Based Hybrid Client Honeypot Incorporating Multi Layer Detection

In current global internet cyber space, the number of targeted client side attacks are increasing that lead users to adversaries' web sites and exploit web browser vulnerabilities is increasing, therefore there is requirement of strong mechanisms to fight against these kinds of attacks. In this paper, we present the design and implementation of a client honeypot which incorporate the functional...

متن کامل

Random Key Pre-Distribution Techniques against Sybil Attacks

Sybil attacks pose a serious threat for Wireless Sensor Networks (WSN) security. They can create problems in routing, voting schemes, decision making, distributed storage and sensor re-programming. In a Sybil attack, the attacker masquerades as multiple sensor identities that are actually controlled by one or a few existing attacker nodes. Sybil identities are fabricated out of stolen keys, obt...

متن کامل

Energy Attack on Server Systems

Power management has become increasingly important for server systems. Numerous techniques have been proposed and developed to optimize server power consumption and achieve energy proportional computing. However, the security perspective of server power management has not yet been studied. In this paper, we investigate energy attacks, a new type of malicious exploits on server systems. Targeted...

متن کامل

Software Security through Targeted Diversification

Despite current software protection techniques, applications are still analysed, tampered with, and abused on a large scale. Crackers compensate for each new protection technique by adapting their analysis and tampering tools. This paper presents a low-cost mechanism to effectively protect software against global tampering attacks. By introducing diversity per programme instance, we illustrate ...

متن کامل

Framework for Defending against Denial of Service Attacks in Wireless Networks

Wireless mobile nodes have extremely limited resources and are easily vulnerable to Denial of Service (DoS) attacks. The traditional techniques that can detect or prevent DoS attacks in wired networks often require considerable resources such as processing power, memory, and storage space. Hence, it is not possible to deploy the traditional techniques on the wireless nodes. In this paper, we id...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2007