Cooperation of Intelligent Honeypots to Detect Unknown Malicious Codes

Jungsuk Song, H. Takakura, Y. Okabe
2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing, published 2008-04-21
DOI: 10.1109/WISTDCS.2008.10 (https://doi.org/10.1109/WISTDCS.2008.10)
Citations: 38

Abstract

Honeypot is one of the most popular tools to decoy attackers into our network, and to capture lots of information about the activity of malicious attackers. By tracing and analyzing collected traffic data, we can find out unknown malicious codes under an experimental stage before some codes become hazardous to an application. Although many honeypots have been proposed, there is a common problem that they can be detected easily by malicious attackers. This is very important in success or failure of honeypots because if once an attacker notices that he/she is working on a honeypot, we can no longer observe his/her malicious activities. In this paper, we propose two types of honeypot to collect unforeseen exploit codes automatically while maintaining their concealment against malicious attackers; cooperation based active honeypot and self-protection type honeypot. We have evaluated the proposed honeypots which are deployed in Kyoto University, and showed that they have capability to collect some unknown malicious codes.