Visible to the public Biblio

Filters: Author is Choi, S. G.  [Clear All Filters]
2021-03-04
Jeong, J. H., Choi, S. G..  2020.  Hybrid System to Minimize Damage by Zero-Day Attack based on NIDPS and HoneyPot. 2020 International Conference on Information and Communication Technology Convergence (ICTC). :1650—1652.

This paper presents hybrid system to minimize damage by zero-day attack. Proposed system consists of signature-based NIDPS, honeypot and temporary queue. When proposed system receives packet from external network, packet which is known for attack packet is dropped by signature-based NIDPS. Passed packets are redirected to honeypot, because proposed system assumes that all packets which pass NIDPS have possibility of zero-day attack. Redirected packet is stored in temporary queue and if the packet has possibility of zero-day attack, honeypot extracts signature of the packet. Proposed system creates rule that match rule format of NIDPS based on extracted signatures and updates the rule. After the rule update is completed, temporary queue sends stored packet to NIDPS then packet with risk of attack can be dropped. Proposed system can reduce time to create and apply rule which can respond to unknown attack packets. Also, it can drop packets that have risk of zero-day attack in real time.