Title :
Defeating Internet attacks using risk awareness and active honeypots
Author :
Teo, Lawrence ; Sun, Yu-An ; Ahn, Gail-Joon
Author_Institution :
Lab. of Inf. Integration, Security & Privacy, North Carolina Univ., Charlotte, NC, USA
Abstract :
New forms of Internet attacks, such as SQL Slammer, have become increasingly sophisticated. Although coded in a simple way, the SQL Slammer worm propagated all over the world at an extremely high speed in a short period of time, rendering it impossible for humans to counter it using manual intervention. Here, we propose a security framework called Japonica to detect and respond to unknown attacks at the early stage through the dynamic orchestration of prevention, detection, and response mechanisms. We identify important requirements to support the proposed framework and corresponding system entities. Also, we describe our model using colored Petri nets to discover a uniform message exchange format among the entities. One unique characteristic of Japonica is an active response coordinator and we demonstrate its feasibility in a proof-of-concept prototype, utilizing a honeypot as an active entity. Our results indicate that Japonica can successfully prevent the spread of SQL Slammer without human intervention. We are currently extending the framework to counter other forms of sophisticated Internet attacks.
Keywords :
Internet; Petri nets; authorisation; invasive software; risk analysis; Internet attack; Japonica security framework; SQL Slammer worm; active honeypot; colored Petri net; message exchange format; risk awareness; Computer worms; Counting circuits; Humans; Information security; Internet; Intrusion detection; Laboratories; Petri nets; Privacy; Sun;
Conference_Title :
Information Assurance Workshop, 2004. Proceedings. Second IEEE International
Print_ISBN :
0-7695-2117-7
DOI :
10.1109/IWIA.2004.1288045