Detecting and Analyzing Zero-Day Attacks Using Honeypots

Computer networks are overwhelmed by self propagating malware (worms, viruses, trojans). Although the number of security vulnerabilities grows every day, not the same thing can be said about the number of defense methods. But the most delicate problem in the information security domain remains detec...

Full description

Saved in:
Bibliographic Details
Published in:2013 19th International Conference on Control Systems and Computer Science pp. 543 - 548
Main Authors: Musca, Constantin, Mirica, Emma, Deaconescu, Razvan
Format: Conference Proceeding
Language:English
Published: IEEE 01.05.2013
Subjects:
Dictionaries
honeypot
intrusion detec- tion/prevention system
IP networks
Operating systems
Ports (Computers)
Protocols
Security
Virtual machining
zero-day attacks
ISBN:9781467361408, 1467361402
ISSN:2379-0474
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Computer networks are overwhelmed by self propagating malware (worms, viruses, trojans). Although the number of security vulnerabilities grows every day, not the same thing can be said about the number of defense methods. But the most delicate problem in the information security domain remains detecting unknown attacks known as zero-day attacks. This paper presents methods for isolating the malicious traffic by using a honeypot system and analyzing it in order to automatically generate attack signatures for the Snort intrusion detection/prevention system. The honeypot is deployed as a virtual machine and its job is to log as much information as it can about the attacks. Then, using a protected machine, the logs are collected remotely, through a safe connection, for analysis. The challenge is to mitigate the risk we are exposed to and at the same time search for unknown attacks.
ISBN:9781467361408
1467361402
ISSN:2379-0474
DOI:10.1109/CSCS.2013.94