Detecting and Analyzing Zero-Day Attacks Using Honeypots
Title | Detecting and Analyzing Zero-Day Attacks Using Honeypots |
Publication Type | Conference Paper |
Year of Publication | 2013 |
Authors | Musca, Constantin, Mirica, Emma, Deaconescu, Razvan |
Conference Name | 2013 19th International Conference on Control Systems and Computer Science |
Keywords | composability, computer network, computer network security, defense, Dictionaries, honeypot, honeypot system, information security domain, intrusion detection/prevention system, invasive software, IP networks, Malware, Operating systems, Ports (Computers), Predictive Metrics, Protocols, pubcrawl, Resiliency, security, security vulnerability, Snort intrusion detection system, Snort intrusion prevention system, virtual machine, virtual machines, Virtual machining, Zero day attacks, Zero Day Attacks and Defense, zero-day attack analysis, zero-day attack detection, Zero-day attacks |
Abstract | Computer networks are overwhelmed by self-propagating malware (worms, viruses, trojans). Although the number of security vulnerabilities grows every day, the same cannot be said about the number of defense methods. But the most delicate problem in the information security domain remains detecting unknown attacks, known as zero-day attacks. This paper presents methods for isolating the malicious traffic by using a honeypot system and analyzing it in order to automatically generate attack signatures for the Snort intrusion detection/prevention system. The honeypot is deployed as a virtual machine and its job is to log as much information as it can about the attacks. Then, using a protected machine, the logs are collected remotely, through a safe connection, for analysis. The challenge is to mitigate the risk we are exposed to and at the same time search for unknown attacks. |
DOI | 10.1109/CSCS.2013.94 |
Citation Key | musca_detecting_2013 |