Detail publikace

Behavioral signature generation using shadow honeypot

Originální název

Behavioral signature generation using shadow honeypot

Anglický název

Behavioral signature generation using shadow honeypot

Jazyk

en

Originální abstrakt

The main goal is to present new method of detection zero-day buffer overflow vulnerabilities. This method is based on signature generation from network traffic. We provide the detection model that generates detection profiles by honeypot systems. In this article we show 112 metrics that will be used for malware characterization in network traffic and we show the use of this method on two examples: abused buffer overflow vulnerability in FTP server and use of public known internet worm - Conficker.

Anglický abstrakt

The main goal is to present new method of detection zero-day buffer overflow vulnerabilities. This method is based on signature generation from network traffic. We provide the detection model that generates detection profiles by honeypot systems. In this article we show 112 metrics that will be used for malware characterization in network traffic and we show the use of this method on two examples: abused buffer overflow vulnerability in FTP server and use of public known internet worm - Conficker.

BibTex


@article{BUT96920,
  author="Maroš {Barabas} and Michal {Drozd} and Petr {Hanáček}",
  title="Behavioral signature generation using shadow honeypot",
  annote="The main goal is to present new method of detection zero-day buffer overflow
vulnerabilities. This method is based on signature generation from network
traffic. We provide the detection model that generates detection profiles by
honeypot systems. In this article we show 112 metrics that will be used for
malware characterization in network traffic and we show the use of this method on
two examples: abused buffer overflow vulnerability in FTP server and use of
public known internet worm - Conficker.",
  address="NEUVEDEN",
  chapter="96920",
  edition="NEUVEDEN",
  howpublished="print",
  institution="NEUVEDEN",
  number="65",
  volume="2012",
  year="2012",
  month="may",
  pages="829--833",
  publisher="NEUVEDEN",
  type="journal article - other"
}