Hybrid System to Minimize Damage by Zero-Day Attack based on NIDPS and HoneyPot
| Title | Hybrid System to Minimize Damage by Zero-Day Attack based on NIDPS and HoneyPot |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Jeong, J. H., Choi, S. G. |
| Conference Name | 2020 International Conference on Information and Communication Technology Convergence (ICTC) |
| Date Published | Oct. 2020 |
| Publisher | IEEE |
| ISBN Number | 978-1-7281-6758-9 |
| Keywords | composability, convergence, cyber attack, defense, honeypot, information and communication technology, Metrics, Network security, NIDPS, pubcrawl, Real-time Systems, resilience, Resiliency, Zero day attacks, Zero-Day |
| Abstract | This paper presents hybrid system to minimize damage by zero-day attack. Proposed system consists of signature-based NIDPS, honeypot and temporary queue. When proposed system receives packet from external network, packet which is known for attack packet is dropped by signature-based NIDPS. Passed packets are redirected to honeypot, because proposed system assumes that all packets which pass NIDPS have possibility of zero-day attack. Redirected packet is stored in temporary queue and if the packet has possibility of zero-day attack, honeypot extracts signature of the packet. Proposed system creates rule that match rule format of NIDPS based on extracted signatures and updates the rule. After the rule update is completed, temporary queue sends stored packet to NIDPS then packet with risk of attack can be dropped. Proposed system can reduce time to create and apply rule which can respond to unknown attack packets. Also, it can drop packets that have risk of zero-day attack in real time. |
| URL | https://ieeexplore.ieee.org/document/9289589 |
| DOI | 10.1109/ICTC49870.2020.9289589 |
| Citation Key | jeong_hybrid_2020 |