Improving honeyd for automatic generation of attack signatures

Authors

  • Motahareh Dehghan
  • Babak Sadeghiyan
Abstract

In this paper, we design and implement a new plugin for Honeyd that generates attack signatures automatically. Current network intrusion detection systems work as misuse detectors, where the packets in the monitored network are compared against a repository of signatures. We focus instead on automatic signature generation from malicious network traffic. Our proposed system inspects honeypot traffic and generates intrusion signatures for unknown traffic. The signature is based on traffic patterns, using the Longest Common Substring (LCS) algorithm. Our system is a plugin for Honeyd, a low-interaction honeypot. The system's output is a file containing honeypot intrusion signatures in pseudo-Snort format. A signature generation system has already been implemented for the Linux operating system (OS), but because Windows is so commonly used, we implement ours for Windows, using the C programming language.

Similar resources

Automatic generation of new intrusion patterns using one-class classifiers and inductive learning methods

In this paper, we propose an approach for automatic generation of novel intrusion signatures. This approach can be used in the signature-based Network Intrusion Detection Systems (NIDSs) and for the automation of the process of intrusion detection in these systems. In the proposed approach, first, by using several one-class classifiers, the profile of the normal network traffic is established. ...

HoneyAnalyzer – Analysis and Extraction of Intrusion Detection Patterns & Signatures Using Honeypot

A honeypot is a security resource that is intended to be attacked and compromised in order to gain more information about the attacker and his attack techniques. A honeypot can also indicate how to perform forensics. The information gathered by watching a honeypot being probed is invaluable. It gives information about attacks and attack patterns. Currently, the creation of intrusion detection si...

Automated NIDS Signature Creation using Honeypots

This paper describes Honeycomb, a system for automated generation of attack signatures for network intrusion detection systems (NIDSs). Our system applies pattern detection techniques and protocol conformance checks on multiple levels in the protocol hierarchy to network traffic captured on a honeypot system. While running Honeycomb on an unprotected cable modem connection for 24 hours, the sys...

Abstract—IARMSG: Incremental Association Rule Mining for Automatic Worm Signature Generation

IARMSG: Incremental Association Rule Mining for Automatic Worm Signature Generation. Written by Administrator, Wednesday, 16 March 2011 09:20. Last updated Monday, 21 March 2011 07:11. In the recent era, Internet worms are one of the serious threats which have been a major cause of intrusion attempts. Traditional Intrusion Detection Systems (IDS) store all known worm signatures and monitor real time traffic ...

Publication date: 2014