Proceedings ArticleDOI

Cooperation of Intelligent Honeypots to Detect Unknown Malicious Codes

TLDR
Two types of honeypot are proposed to collect unforeseen exploit codes automatically while maintaining their concealment against malicious attackers: a cooperation-based active honeypot and a self-protection type honeypot.
Abstract
A honeypot is one of the most popular tools for decoying attackers into a network and capturing detailed information about their activity. By tracing and analyzing the collected traffic, unknown malicious codes can be identified while they are still at an experimental stage, before they become hazardous to an application. Although many honeypots have been proposed, they share a common problem: malicious attackers can detect them easily. This is decisive for the success or failure of a honeypot, because once an attacker notices that he or she is working on a honeypot, his or her malicious activities can no longer be observed. In this paper, we propose two types of honeypot that collect unforeseen exploit codes automatically while maintaining their concealment against malicious attackers: a cooperation-based active honeypot and a self-protection type honeypot. We have evaluated the proposed honeypots deployed at Kyoto University and show that they are capable of collecting some unknown malicious codes.


Citations
Proceedings ArticleDOI

Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDS evaluation

TL;DR: A new evaluation dataset, called Kyoto 2006+, is built on 3 years of real traffic data obtained from diverse types of honeypots; it is expected to help IDS researchers obtain more practical, useful and accurate evaluation results.
Journal ArticleDOI

Toward a more practical unsupervised anomaly detection system

TL;DR: A new anomaly detection method by which it can automatically tune and optimize the values of parameters without predefining them is proposed and evaluated over real traffic data obtained from Kyoto University honeypots.
Journal Article

Automatic handling of protocol dependencies and reaction to 0-day attacks with scriptgen based honeypots

TL;DR: In this paper, the authors propose a solution to detect and handle intra-protocol dependencies, and do the same for inter-protocol dependencies, without relying on any a priori knowledge of the protocols involved.
Journal ArticleDOI

A Survey on Zero-Day Polymorphic Worm Detection Techniques

TL;DR: This paper provides a detailed survey outlining the research efforts on detection of modern zero-day malware in the form of zero-day polymorphic worms.
Proceedings ArticleDOI

Evaluation of machine learning techniques for network intrusion detection

TL;DR: This work applies seven different machine learning techniques with information entropy calculation to Kyoto 2006+ data set and finds that Radial Basis Function (RBF) performs the best among the seven algorithms studied in this work.
References
Book

Honeypots: Tracking Hackers

L. Spitzner
TL;DR: Honeypots: Tracking Hackers is the ultimate guide to this rapidly growing, cutting-edge technology, and gains an understanding of honeypot concepts and architecture, as well as the skills to deploy the best honeypot solutions for your environment.
Proceedings Article

A virtual honeypot framework

TL;DR: Honeyd is presented, a framework for virtual honeypots that simulates virtual computer systems at the network level and shows how the Honeyd framework helps in many areas of system security, e.g. detecting and disabling worms, distracting adversaries, or preventing the spread of spam email.
Journal ArticleDOI

The Honeynet Project: trapping the hackers

TL;DR: The Honeynet Project gathers information by deploying networks that are designed to be compromised, and studies the bad guys and shares the lessons learned.
Proceedings Article

The Internet Motion Sensor - A Distributed Blackhole Monitoring System.

TL;DR: The Internet Motion Sensor is introduced, a globally scoped Internet monitoring system whose goal is to measure, characterize, and track threats and the architectural tradeoffs are explored in the context of a 3 year deployment across multiple dark address blocks ranging in size from /24s to a /8.
Proceedings ArticleDOI

ScriptGen: an automated script generation tool for Honeyd

TL;DR: This paper proposes a method to alleviate problems by automatically generating new scripts in Honeyd, a popular tool developed by Niels Provos that offers a simple way to emulate services offered by several machines on a single PC.