• DocumentCode
    3183525
  • Title

    A hybrid honeyfarm based technique for defense against worm attacks

  • Author

    Jain, Pragya ; Sardana, Anjali

  • Author_Institution
    Dept. of Electron. & Comput. Eng., Indian Inst. of Technol. Roorkee, Roorkee, India
  • fYear
    2011
  • fDate
    11-14 Dec. 2011
  • Firstpage
    1084
  • Lastpage
    1089
  • Abstract
    The threat of Internet worms is increasing with the increase in network applications. The recent attack of the 'Stuxnet' worm on SCADA systems and nuclear power plants has posed a very critical threat to existing security systems. With new worms appearing at a fast pace of late, conventional classification and defense techniques do not cover all worm attacks. So in this paper we propose a novel classification of worms which is much more exhaustive compared to earlier classifications, includes recent worm attacks and gives a better and quicker understanding of recent worm behavior so that an accurate defense mechanism can be designed very quickly. This paper discusses honeypots with signature based detection and honeypots with anomaly based detection. Further, a novel hybrid scheme is proposed that integrates anomaly and signature detection with a honeypot. Our proposed scheme combines the detection scheme (i.e. signature based and anomaly based) with a containment scheme, taking the advantages of both and hence developing an effective defense against Internet worms. Finally, we compare various honeypot based defense mechanisms.
  • Keywords
    Internet; computer network security; digital signatures; Internet worms; SCADA systems; anomaly based detection; classification techniques; containment scheme; honeypot based defense mechanisms; hybrid honeyfarm based technique; nuclear power plants; security system; signature based detection; signature detection; stuxnet worm; worm attacks; Detectors; Fires; Grippers; Internet; Mathematical model; Payloads; Software; anomaly based detection; honeypot; internet worm; signature based detection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information and Communication Technologies (WICT), 2011 World Congress on
  • Conference_Location
    Mumbai
  • Print_ISBN
    978-1-4673-0127-5
  • Type

    conf

  • DOI
    10.1109/WICT.2011.6141399
  • Filename
    6141399