Research Article

Zero-Day Attack Signatures Detection Using Honeypot

Published on December 2011 by Reshma R. Patel, Chirag S. Thaker
International Conference on Computer Communication and Networks CSI-COMNET-2011
Foundation of Computer Science USA
COMNET - Number 1
December 2011
Authors: Reshma R. Patel, Chirag S. Thaker

Reshma R. Patel, Chirag S. Thaker. Zero-Day Attack Signatures Detection Using Honeypot. International Conference on Computer Communication and Networks CSI-COMNET-2011. COMNET, 1 (December 2011), 79-85.

@article{
author = { Reshma R. Patel and Chirag S. Thaker },
title = { Zero-Day Attack Signatures Detection Using Honeypot },
journal = { International Conference on Computer Communication and Networks CSI-COMNET-2011 },
issue_date = { December 2011 },
volume = { COMNET },
number = { 1 },
month = { December },
year = { 2011 },
issn = { 0975-8887 },
pages = { 79-85 },
numpages = { 7 },
url = { /proceedings/comnet/number1/5427-1015/ },
publisher = { Foundation of Computer Science (FCS), NY, USA },
address = { New York, USA }
}
%0 Proceeding Article
%1 International Conference on Computer Communication and Networks CSI-COMNET-2011
%A Reshma R. Patel
%A Chirag S. Thaker
%T Zero-Day Attack Signatures Detection Using Honeypot
%J International Conference on Computer Communication and Networks CSI-COMNET-2011
%@ 0975-8887
%V COMNET
%N 1
%P 79-85
%D 2011
%I International Journal of Computer Applications
Abstract

Self-propagating malware such as worms has prompted cyber attacks that compromise ordinary computer systems by exploiting memory-related vulnerabilities, which threatens computer networks. A new-generation worm could infect millions of hosts in just a few minutes, making timely human intervention impossible. New worms are spread over the network on a regular basis, and the vulnerabilities of computer systems and networks are growing enormously. We also face the problem of automatically and reliably detecting previously unknown attacks, known as zero-day attacks. In this paper, I have described the use of a honeypot to detect zero-day attacks in a computer network. This paper addresses the problem of automatically and reliably detecting previously unknown attacks and of generating solutions that can prevent new infections in their early stages. A method to automatically generate signatures using the proposed detection system is presented. The attack signatures are detected and scanned through the system. Honeycomb is a host-based intrusion detection system that automatically creates signatures. It uses a honeypot to capture malicious traffic targeting dark address space, and then applies the Longest Common Substring (LCS) algorithm to the packet contents of a number of connections going to the same service. The computed substring is used as a candidate worm signature. Honeycomb is well suited to extracting string signatures for automated updates to a firewall.

Index Terms

Computer Science
Information Sciences

Keywords

Zero-Day attack, Honeypot, Malware, Signature Generation