HoneyStat: Local Worm Detection Using Honeypots [chapter]

David Dagon, Xinzhou Qin, Guofei Gu, Wenke Lee, Julian Grizzard, John Levine, Henry Owen
2004 Lecture Notes in Computer Science  
Worm detection techniques for smaller local networks have not been fully explored. We consider how local networks can provide early detection and complement global monitoring strategies.  ...  We describe HoneyStat, which uses modified honeypots to generate a highly accurate alert stream with low false positive rates.  ...  ., conflicts in data sharing, privacy, and coordinated responses), our detection mechanism is based on local networks, in particular, local honeypots for worm detection.  ... 
doi:10.1007/978-3-540-30143-1_3 fatcat:fkwgy66b4vcijh6gkgcighxq4u

A survey of internet worm detection and containment

Pele Li, Mehdi Salour, Xiao Su
2008 IEEE Communications Surveys and Tutorials  
We first identify worm characteristics through their behavior, and then classify worm detection algorithms based on the parameters used in the algorithms.  ...  After detecting the existence of worms, the next step is to contain them. This paper explores the current methods used to slow down or stop the spread of worms.  ...  Virtual Honeypot was used for worm detection [32] [36, 37].  ... 
doi:10.1109/comst.2008.4483668 fatcat:p4jfwoz32vah3d3mjcnrjtfifm

Honeypot detection in advanced botnet attacks

Ping Wang, Lei Wu, Ryan Cunningham, Cliff C. Zou
2010 International Journal of Information and Computer Security  
Based on this basic detection principle, we present honeypot detection techniques to be used in both centralised botnets and Peer-to-Peer (P2P) structured botnets.  ...  Experiments show that current standard honeypots and honeynet programs are vulnerable to the proposed honeypot detection techniques.  ...  Dagon et al. (2004) presented the "HoneyStat" system to use coordinated honeypots to detect worm infections in local networks.  ... 
doi:10.1504/ijics.2010.031858 fatcat:rgl6wazoj5fnhjtn76fd6paqee

Automatic attack signature generation systems: A review

Sanmeet Kaur, Maninder Singh
2013 IEEE Security and Privacy  
of their capability to detect novel attacks, signature generation method, suitability for multiple instances of worms, type of signature generated, attacks and worms covered, false alarm rates, and relative  ...  IDSs can use either anomaly- or signature-based techniques to detect intrusions. In anomaly-based techniques, any deviation from the system's normal behavior profile is recognized and reported.  ...  Honeyfarm-Based Defense against Internet Worms Pragya Jain and Anjali Sardana proposed a hybrid approach that integrates anomaly and signature detection with honeypots. 12 This system makes use of all  ... 
doi:10.1109/msp.2013.51 fatcat:qyfytdbutrgwpiinemorsxpdka

An Efficient Signature-Based Approach for Automatic Detection of Internet Worms over Large-Scale Networks

Kumar Simkhada, Tarik Taleb, Yuji Waizumi, Abbas Jamalipour, Nei Kato, Yoshiaki Nemoto
2006 2006 IEEE International Conference on Communications  
This enables local managers to detect worms that try to penetrate into their networks. The proposed system is evaluated using an off-line real network traffic that contains traces of worms.  ...  Internet Worms pose a serious threat to today's Internet. Signature matching is an important approach to detect worms.  ...  RELATED WORK To detect worms, a number of systems have been proposed in recent literature. Systems such as HoneyStat [6] and Honeycomb [7] use honeypots to detect worms.  ... 
doi:10.1109/icc.2006.255123 dblp:conf/icc/SimkhadaTWJKN06 fatcat:hft2wx2gnrgfdk2c2qjefizqmq

SweetBait: Zero-hour worm detection and containment using low- and high-interaction honeypots

Georgios Portokalidis, Herbert Bos
2007 Computer Networks  
To provide a low response time, the signatures may be immediately distributed to network intrusion detection and prevention systems.  ...  We discuss the implementation of SweetBait, an automated protection system that employs low- and high-interaction honeypots to recognise and capture suspicious traffic.  ...  We are grateful to Intel for providing us with a set of Intel IXP1200 boards which were used for the cardguard HIP.  ... 
doi:10.1016/j.comnet.2006.09.005 fatcat:q3r2giwqhjdp7dtquqwydu2wgm

Execution transactions for defending against software failures: use and evaluation

Stelios Sidiroglou, Angelos D. Keromytis
2006 International Journal of Information Security  
help determine worm signatures.  ...  We combine our defensive mechanism with a honeypot-like configuration to detect previously unknown attacks, automatically adapt an application's defensive posture at a negligible performance cost, and  ...  Although the system only protects against scanning worms, "active honeypot" techniques [96] may be used to make it more difficult for an automated attacker to differentiate between HoneyStats and real  ... 
doi:10.1007/s10207-006-0083-6 fatcat:6wtsvxahznbill35gog3pjm4lm

Data reduction for the scalable automated analysis of distributed darknet traffic

Michael Bailey, Evan Cooke, Farnam Jahanian, Niels Provos, Karl Rosaen, David Watson
2005 Proceedings of the 5th ACM SIGCOMM conference on Internet measurement - IMC '05  
One class of techniques that attempts to achieve this balance involves hybrid systems that combine the scalable monitoring of unused address blocks (or darknets) with forensic honeypots (or honeyfarms)  ...  Each of the identified events during this period represented a major globally-scoped attack including the WINS vulnerability scanning, Veritas Backup Agent vulnerability scanning, and the MySQL Worm.  ...  Finally, in late January of 2005 IMS detected a worm/bot targeted at the MySQL database server [19].  ... 
doi:10.1145/1330107.1330135 fatcat:xzwchu5osja4tf6sn6anx63el4

CAUDIT: Continuous Auditing of SSH Servers To Mitigate Brute-Force Attacks

Phuong Cao, Yuming Wu, Subho S. Banerjee, Justin Azoff, Alexander Withers, Zbigniew T. Kalbarczyk, Ravishankar K. Iyer
2019 Symposium on Networked Systems Design and Implementation  
Related Work This section discusses prior work in honeypot design, security auditing, black hole router, and alert sharing networks. Honeypots. HoneyStat has been deployed for local worm detection.  ...  However, 1) it is deployed on local networks whereas ours is deployed on NCSA's global peer-to-peer sharing infrastructure; and 2) it only carries out logit analysis for worm detection, and thus lacks  ... 
dblp:conf/nsdi/CaoWBAWKI19 fatcat:c3dooud5kffkto7nvojiijux6u

COVERAGE: detecting and reacting to worm epidemics using cooperation and validation

Kostas G. Anagnostakis, Michael B. Greenwald, Sotiris Ioannidis, Angelos D. Keromytis
2007 International Journal of Information Security  
Cooperative defensive systems communicate and cooperate in their response to worm attacks, but determine the presence of a worm attack solely on local information.  ...  Distributed worm detection and immunization systems track suspicious behavior at multiple cooperating nodes to determine whether a worm attack is in progress.  ...  Although the system only protects against scanning worms, "active honeypot" techniques [85] may be used to make it more difficult for an automated attacker to differentiate between HoneyStats and real  ... 
doi:10.1007/s10207-007-0032-z fatcat:xtybu2v76rdwje2kbhtjxkqwki

An Automated Signature-Based Approach against Polymorphic Internet Worms

Yong Tang, Shigang Chen
2007 IEEE Transactions on Parallel and Distributed Systems  
We propose a new worm signature, called the position-aware distribution signature (PADS), which fills the gap between traditional signatures and anomaly-based intrusion detection systems.  ...  This paper attempts to answer an important question: How can we distinguish polymorphic worms from normal background traffic?  ...  Dagon et al. developed HoneyStat [28] to detect worm behaviors in small networks.  ... 
doi:10.1109/tpds.2007.1050 fatcat:i66h5tbf3nbevlapxbh3gtzki4

The monitoring and early detection of Internet worms

C.C. Zou, Weibo Gong, D. Towsley, Lixin Gao
2005 IEEE/ACM Transactions on Networking  
Then, based on the idea of "detecting the trend, not the burst" of monitored illegitimate traffic, we present a "trend detection" methodology to detect a worm at its early propagation stage by using Kalman  ...  Facing this great security threat, we need to build an early detection system that can detect the presence of a worm in the Internet as quickly as possible in order to give people accurate early warning  ...  [11] presented a "honeystat" worm detection method by correlating infection statistics provided by local honeypots when a worm tries to infect them.  ... 
doi:10.1109/tnet.2005.857113 fatcat:4savbhtmozcujjtore2lvcmsam


Songqing Chen, Xinyuan Wang, Lei Liu, Xinwen Zhang
2006 Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems - ANCS '06  
While signature based worm detection and containment are effective in detecting and containing known worms, they are inherently ineffective against previously unknown worms and polymorphic worms.  ...  In order to stop a fast spreading worm, we need the capability to detect and contain worms automatically in real-time.  ...  More broadly, some other attack detection and signature extraction rely on the honeypots that cover dark or unused IP addresses, such as Backscatter [22], honeyd [27], honeyComb [17], and HoneyStat  ... 
doi:10.1145/1185347.1185371 dblp:conf/ancs/ChenWLZ06 fatcat:3vrvqzi25zasdhfbvuk5v76pey

Method for Cyberincidents Network-Centric Monitoring in Critical Information Infrastructure

Hu Zhengbing, Viktor Gnatyuk, Viktoriia Sydorenko, Roman Odarchenko, Sergiy Gnatyuk
2017 International Journal of Computer Network and Information Security  
of intrusion detection system (IDS) using virtual honeypots (Honeypot) last generation Honeynet GenIII (Autograph, PADS, PAYL, COVERS, DIRA, DOME, Minos, Paid, Vigilante, HoneyStat etc.), which have different  ...  , honeypot systems, analyze vulnerabilities systems, exploits, operating systems, different applications (including specialized detection systems of cyberincidents with type SIEM), anti-virus and anti-spam  ... 
doi:10.5815/ijcnis.2017.06.04 fatcat:mf3pwwjohbapjmifqlzmmlfzzm

Composite Hybrid Techniques For Defending Against Targeted Attacks [chapter]

Stelios Sidiroglou, Angelos D. Keromytis
Advances in Information Security  
We also explore the notion of using Shadow Honeypots in Application Communities in order to amortize the cost of instrumentation and detection across a number of autonomous hosts.  ...  anomaly detection.  ...  HoneyStat [13] runs sacrificial services inside a virtual machine, and monitors memory, disk, and network events to detect abnormal behavior.  ... 
doi:10.1007/978-0-387-44599-1_10 dblp:series/ais/SidiroglouK07 fatcat:cck5xyx63feinpyfwyk27eclde