Conference Topics

Detecting and Defending against Worm Attacks Using Bot-honeynet

In this paper we propose a worm detection and defense system named bot-honeynet, which combines the best features of honeynet, anomaly detection and botnet. The combination of honeynet and anomaly detection system offers a tradeoff between false positive and false negative rates. The control mechanism of a botnet helps our system control all the honeypots in the bot-honeynet. Bot-honeynet is designed not only to detect worm attacks but also to defend against malicious worms. Once malicious worms are detected, thousands of benign worms are released to counterattack them at the same time. We conclude from simulation that the P2P-based benign worm is highly efficient at defending against malicious worms and is better than the traditional benign worm even if its release time is later. Thus, it saves more time for security researchers to prepare benign worms.

worm detection; honeynet; botnet; propagation model; mutant worm

Yu Yao, Jun-wei Lv, Fu-xiang Gao, Ge Yu, Qing-xu Deng

School of Information Science and Engineering, Northeastern University, Shenyang, China

International conference

Second International Symposium on Electronic Commerce and Security (ISECS 2009)

Nanchang

English

260-264

2009-05-22 (date first made available online on the Wanfang platform; does not represent the paper's publication date)