• DocumentCode
    625216
  • Title

    Detecting and Analyzing Zero-Day Attacks Using Honeypots

  • Author

    Musca, Constantin ; Mirica, Emma ; Deaconescu, Razvan

  • Author_Institution
    Dept. of Comput. Sci. & Eng., Univ. Politeh. of Bucharest, Bucharest, Romania
  • fYear
    2013
  • fDate
    29-31 May 2013
  • Firstpage
    543
  • Lastpage
    548
  • Abstract
    Computer networks are overwhelmed by self-propagating malware (worms, viruses, trojans). Although the number of security vulnerabilities grows every day, not the same thing can be said about the number of defense methods. But the most delicate problem in the information security domain remains detecting unknown attacks known as zero-day attacks. This paper presents methods for isolating the malicious traffic by using a honeypot system and analyzing it in order to automatically generate attack signatures for the Snort intrusion detection/prevention system. The honeypot is deployed as a virtual machine and its job is to log as much information as it can about the attacks. Then, using a protected machine, the logs are collected remotely, through a safe connection, for analysis. The challenge is to mitigate the risk we are exposed to and at the same time search for unknown attacks.
  • Keywords
    computer network security; invasive software; virtual machines; Snort intrusion detection system; Snort intrusion prevention system; computer network; honeypot system; information security domain; malware; security vulnerability; virtual machine; zero-day attack analysis; zero-day attack detection; Dictionaries; IP networks; Operating systems; Ports (Computers); Protocols; Security; Virtual machining; honeypot; intrusion detection/prevention system; zero-day attacks;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Control Systems and Computer Science (CSCS), 2013 19th International Conference on
  • Conference_Location
    Bucharest
  • Print_ISBN
    978-1-4673-6140-8
  • Type

    conf

  • DOI
    10.1109/CSCS.2013.94
  • Filename
    6569317