Behavioral signature generation using shadow honeypot

Behavioral signature generation using shadow honeypot

Článek recenzovaný mimo WoS a Scopus

The main goal is to present new method of detection zero-day buffer overflow vulnerabilities. This method is based on signature generation from network traffic. We provide the detection model that generates detection profiles by honeypot systems. In this article we show 112 metrics that will be used for malware characterization in network traffic and we show the use of this method on two examples: abused buffer overflow vulnerability in FTP server and use of public known internet worm - Conficker.

The main goal is to present new method of detection zero-day buffer overflow vulnerabilities. This method is based on signature generation from network traffic. We provide the detection model that generates detection profiles by honeypot systems. In this article we show 112 metrics that will be used for malware characterization in network traffic and we show the use of this method on two examples: abused buffer overflow vulnerability in FTP server and use of public known internet worm - Conficker.

behavioral signatures, metrics, network, security design

behavioral signatures, metrics, network, security design

BARABAS, M.; DROZD, M.; HANÁČEK, P.

2013

30.05.2012

2010-376X

World Academy of Science, Engineering and Technology

2012

65

Indonéská republika

829

833

5

http://www.waset.org/journals/waset/v65/v65-163.pdf

ICCNSS_2012