DocumentCode
498486
Title
Detecting and Defending against Worm Attacks Using Bot-honeynet
Author
Yao, Yu ; Lv, Jun-wei ; Gao, Fu-Xiang ; Yu, Ge ; Deng, Qing-xu
Author_Institution
Sch. of Inf. Sci. & Eng., Northeastern Univ., Shenyang, China
Volume
1
fYear
2009
fDate
22-24 May 2009
Firstpage
260
Lastpage
264
Abstract
We propose a worm detection and defense system named bot-honeynet in this paper, which combines the best features of honeynet, anomaly detection and botnet. The combination of honeynet and anomaly detection system offers a tradeoff between false positive and false negative rates. The control mechanism of botnet can help our system control all the honeypots in the bot-honeynet. Bot-honeynet is designed not only to detect worm attacks but also to defend against malicious worms. Once malicious worms are detected, thousands of benign worms are released to counterattack them at the same time. We can conclude from simulation that the P2P-based benign worm is highly efficient at defending against malicious worms and is better than the traditional benign worm even if the release time is later. Thus, it saves more time for security researchers to prepare benign worms.
Keywords
invasive software; P2P based benign worm; anomaly detection; bot-honeynet implementation; botnet control mechanism; false negative rate; false positive rate; malicious worm; worm detection defense system; Computer architecture; Control systems; Detectors; Electronic commerce; Information science; Information security; Instruments; Internet; Intrusion detection; Power system protection; botnet; honeynet; mutant worm; propagation model; worm detection;
fLanguage
English
Publisher
ieee
Conference_Titel
Electronic Commerce and Security, 2009. ISECS '09. Second International Symposium on
Conference_Location
Nanchang
Print_ISBN
978-0-7695-3643-9
Type
conf
DOI
10.1109/ISECS.2009.185
Filename
5209851