DocumentCode :
3705295
Title :
A predictive zero-day network defense using long-term port-scan recording
Author :
Chia-Nan Kao; Yung-Cheng Chang; Nen-Fu Huang; I Salim S; I-Ju Liao; Rong-Tai Liu; Hsien-Wei Hung
Author_Institution :
Institute of Communication Engineering, National Tsing Hua University, Taiwan, R.O.C.
fYear :
2015
Firstpage :
695
Lastpage :
696
Abstract :
A zero-day attack is a critical class of network attack. The zero-day attack period (ZDAP) is the time from the release of a piece of malware or an exploit until a patch becomes available. IDS/IPS generally cannot block zero-day attacks effectively because they rely on pattern-based signatures. This paper proposes a Prophetic Defender (PD) by which the ZDAP can be minimized. Before an actual attack, attackers scan networks to identify hosts with vulnerable ports; if this port scanning can be detected early, zero-day attacks become detectable. The PD architecture uses a honeypot-based pseudo server deployed to detect malicious port scans. We operated a port-scanning honeypot for 6 years, from 2009 to 2015. Analysis of the 6 years of port-scanning log data shows that PD is effective at detecting and blocking zero-day attacks. The block rate of the proposed architecture is 98.5%.
Keywords :
"Ports (Computers)","Computer hacking","Servers","Market research","Computer architecture","Malware","Reconnaissance"
Publisher :
ieee
Conference_Titel :
Communications and Network Security (CNS), 2015 IEEE Conference on
Type :
conf
DOI :
10.1109/CNS.2015.7346890
Filename :
7346890