
SweetBait: Zero-Hour Worm Detection and Containment Using Honeypots

The goals of this project sound an awful lot like the Honeycomb project. Very interesting ...

As next-generation computer worms may spread within minutes to millions of hosts, protection via human intervention is no longer an option. We discuss the implementation of SweetBait, an automated protection system that employs low-interaction honeypots to capture suspicious traffic. After discarding whitelisted patterns, it automatically generates worm signatures. To provide a low response time, the signatures may be immediately distributed to network intrusion detection and prevention systems. At the same time the signatures are continuously refined for increased accuracy and lower false identification rates. By monitoring signature activity and predicting ascending or descending trends in worm virulence, we are able to sort signatures in order of urgency. As a result, the set of signatures to be monitored or filtered is managed in such a way that new and very active worms are always included in the set, while the size of the set is bounded. SweetBait is deployed on medium-sized academic networks across the world and is able to react to zero-day worms within minutes. Furthermore, we demonstrate how globally sharing signatures can help immunise parts of the Internet.

Source: SweetBait: Zero-Hour Worm Detection and Containment Using Honeypots, Georgios Portokalidis and Herbert Bos.

October 13, 2005 in detection, honeypots, papers

Comments

Hello,

I am looking for some documents about the existing vulnerabilities. What are they, what is their effect, where are they from, etc. Do you have some documents like that, or some suggestions?

Thanks.

Zhuowei

Posted by: Zhuowei Li | Oct 13, 2005 10:55:56 AM
