Self-propagating malware, such as worms, have prompted cyber attacks that compromise regular computer systems via exploiting memory-related vulnerabilities which present threats to computer networks. A new generation worm could infect millions of hosts in just a few minutes, making on time human intrusion impossible. The new worms are spread over the network on regular basis and the computer systems and network vulnerabilities are growing enormously. Here we also facing the problem of automatically and reliably detecting previously unknown attacks which are known as zero-day attack.In this paper, I have described the use of the Honeycomb to detect Zero-day attack in Virtualized network. A method to automatically generate signatures using the proposed detection system is presented. The attack signatures are detected and scanned through the system. Honeycomb is a host-based intrusion detection system that automatically creates signatures. It uses a honeypot to capture malicious traffic targeting dark space, and then applies the Longest Common Substring (LCS) algorithm on the packet content of a number of connections going to the same services. The computed substring is used as candidate worm signature. Honeycomb is well suited for extracting string signatures for automated updates to a firewall.

1. C. Xenakis a, C. Panos b, I. Stavrakakis b: A comparative evaluation of intrusion detection architectures for mobile ad hoc networks, elsevier , computers & security 30 ( 2011 ) 63 -80
2. D. Dagon, X. Qin, G. Gu, W. Lee, J. Grizzard, J. Levine, and H. Owen. HoneyStat: Local Worm Detection Using Honeypots. In Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection (RAID), pages 39-58, October 2004.
3. Dr I. Muttik , McAfee Labs, UK: ZERO-DAY MALWARE ,Virus bulletin conference September 2010.
4. G. Portokalidis ,A. Slowinska, H. Bos: Argos: an Emulator for Fingerprinting Zero-Day Attacks for advertised honeypots with automatic signature generation, EUROSYS 2006
5. Honeynet Project. Know Your Enemy: Statistics. http://project.honeynet.org/papers/stats/, July 2001.
6. Honeynet Project. Know Your Enemy: Worms at War. http://project.honeynet.org/papers/worm/, November 2000.
7. None of 10 top malware vulnerabilties are in Microsoft products. http://www.computerweekly.com/blogs/read-all-about-it/2011/08/none-of-10-top-malware-vulnera.html.
8. I. Kim, D. Kim, B. Kim, Y. Choi, S.Yoon, J. Oh and J. Jang:An Architecture of Unknown Attack Detection System against Zero-dayWorm, Proceedings of the 8th WSEAS International Conference on APPLIED COMPUTER SCIENCE (ACS'08)
9. J.Newsome and D.Dong. Dynamic Taint Analysis for Automatic Detection Analysis, and Signature Generation of Exploits on Commodity software. In Proceedings of the 12th ISOC Symposium on Network and Distributed System Security(SNDSS), pages 221-237, February 2005.
10. Kreibich, C., Crowcroft,J.: Honeycomb-Creating Intrusion Detection Signatures Using Honeypots. ACM SIGCOMM Computer Communication Review 34(2004).
11. N. Provos. A virtual honeypot framework. In Proc. of the 13th USENIX Security Symposium, 2004.
12. P. Laskov, M. Kloft: A Framework for Quantitative Security Analysis of Machine Learning, AISec’09, November 9, 2009, Chicago, Illinois, USA.
13. S. Pastrana, A.Orfila, A.Ribagorda: A Functional Framework to Evade Network IDS , Proceedings of the 44th Hawaii International Conference on System Sciences - 2011.
14. S. Singh, C. Estan, G. Varghese and S. Savage. Automated Worm Fingerprinting, Sixth Symposium on Operating Systems Design and Implementation (OSDI), 2004.

Zero-Day attack Honeycomb Malware Automatic Signature Generation