DocumentCode :
2394603
Title :
Honeycyber: Automated signature generation for zero-day polymorphic worms
Author :
Mohammed, Mohssen M Z E ; Chan, H. Anthony ; Ventura, Neco
Author_Institution :
Dept. of Electr. Eng., Univ. of Cape Town, Rondebosch
fYear :
2008
fDate :
16-19 Nov. 2008
Firstpage :
1
Lastpage :
6
Abstract :
Signature-based intrusion detection systems (IDSs) can be evaded by polymorphic worms which vary their payloads in every infection attempt. In this paper, we propose Honeycyber, a system for automated signature generation for zero-day polymorphic worms. We have designed a novel double-Honeynet system, which is able to automatically detect new worms and isolate the attack traffic from innocuous traffic. We introduce unlimited Honeynet outbound connections, which allow us to capture different payloads in every infection of the same worm. The system is able to generate signatures to match most polymorphic worm instances with low false positives and low false negatives.
Keywords :
invasive software; Honeycyber; attack traffic; automated signature generation; intrusion detection systems; zero-day polymorphic worms; Africa; Availability; Cities and towns; Communication system traffic control; Data security; Databases; Intrusion detection; Payloads; Telecommunication traffic; Web and internet services;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Military Communications Conference, 2008. MILCOM 2008. IEEE
Conference_Location :
San Diego, CA
Print_ISBN :
978-1-4244-2676-8
Electronic_ISBN :
978-1-4244-2677-5
Type :
conf
DOI :
10.1109/MILCOM.2008.4753178
Filename :
4753178