A case study of unknown attack detection against Zero-day worm in the honeynet environment

We have presented an early detection system, ZASMIN (Zero-day Attack Signature Management Infrastructure), for novel network attack protection. This system provides early detection function and validation of attack at the moment the attacks start to spread on the network. In order to detect unknown...

Full description

Saved in:
Bibliographic Details
Published in2009 11th International Conference on Advanced Communication Technology Vol. 3; pp. 1715 - 1720
Main Authors Ikkyun Kim, Daewon Kim, Byunggoo Kim, Yangseo Choi, Seongyong Yoon, Jintae Oh, Jongsoo Jang
Format Conference Proceeding
LanguageEnglish
Published GIRI 01.02.2009
Subjects
Computer networks
Computer worms
Cyber attack
Environmental management
Information security
Intrusion detection
IP networks
Monitoring
Protection
Signature
Spine
Telecommunication traffic
Zero-day Attack
Online AccessGet full text

Cover

More Information
Summary:We have presented an early detection system, ZASMIN (Zero-day Attack Signature Management Infrastructure), for novel network attack protection. This system provides early detection function and validation of attack at the moment the attacks start to spread on the network. In order to detect unknown network attack, the ZASMIN system has adopted various of new technologies, which are composed of suspicious traffic monitoring, attack validation, polymorphic worm recognition, signature generation. Some of these functionalities are implemented with hardware-based accelerator to be able to deal with giga-bit speed traffic, therefore, it can be applicable to Internet backbone or the bottle-neck point of high-speed enterprise network without any loss of traffic. In order to check the feasibility of ZASMIN, we have installed it on real honeynet environment, then we have analyzed the result about detection of unknown attack.
ISBN:8955191383
9788955191387
ISSN:1738-9445