Title
A proactive approach to intrusion detection and malware collection.
Abstract
Networks continue to be under various attacks every day. One common attack is to use password guessing to intrude into a machine and then to inject malware or a botnet for future control. To develop countermeasures, the honeypot technique, which simulates a real system, is often used for capturing attack patterns, malware or botnets, and malware download sites. However, neither low-interaction nor medium-interaction honeypots can simulate well the behaviors of a true system, as a result of the inborn restrictions in the technology, so the honeypot might be discovered by an attacker or malware. This study proposes a new honeypot system, Jingu, which is constructed with a true environment plus a protection mechanism against being circumvented. The proposed high-interactive honeypot system, Jingu, can achieve the following goals: (1) not be perceived by attackers; (2) protect against being attacked; (3) record and learn attack behaviors; (4) capture malware; and (5) collect valuable information for detection purposes. Jingu has been deployed on a real network for 2 years. Compared with the low-interactive honeypot, honeyd, Jingu can successfully catch attack behaviors as well as capture malware. The results show that the proposed system is able to block real attacks and to collect valuable information for future detection and malware analysis. Copyright (c) 2012 John Wiley & Sons, Ltd.
Year: 2013
DOI: 10.1002/sec.619
Venue: SECURITY AND COMMUNICATION NETWORKS
Keywords: honeypot, malware, botnet, intrusion detection
Field: Cryptovirology, Honeypot, Attack patterns, Computer security, Botnet, Computer science, Computer network, Asprox botnet, Malware, Intrusion detection system, Malware analysis
DocType: Journal
Volume: 6
Issue: 7
ISSN: 1939-0114
Citations: 0
PageRank: 0.34
References: 9
Authors: 3
Name
Order
Citations
PageRank
Chia-Mei Chen116724.32
Sheng-Tzong Cheng229344.23
Ruei-Yu Zeng300.34