Conference paper

A Novel Framework for Zero-Day Attacks Detection and Response with Cyberspace Mimic Defense Architecture

In cyberspace, unknown zero-day attacks can cause safety hazards, and traditional signature-based defenses are ineffective against them. Based on the Cyberspace Mimic Defense (CMD) architecture, this paper proposes a framework to detect such attacks and respond to them. Each input is assigned to all online redundant, heterogeneous, functionally equivalent executive modules. Their independent outputs are compared, and the majority output becomes the final response. Outputs that deviate from the majority are detected as abnormal, and so is the attack behind them. The damaged executive modules that produced abnormal outputs are replaced with new ones from the diverse executive module pool. By analyzing the abnormal outputs, the correspondence between inputs and abnormal outputs is built; inputs that repeatedly lead to abnormal outputs are written into a zero-day-attack-related database, so that reusing them no longer works, because such suspicious malicious inputs can then be detected and processed. Further responses include IP blacklisting and patching, among others. The framework also uses a honeypot-like executive module to confuse the attacker. The proposed method can prevent recurrent attacks based on the same exploit.
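The detect-and-respond loop sketched in the abstract (majority voting over heterogeneous executors, replacement of the deviating executor from a pool, and a database of inputs that repeatedly cause abnormal outputs) as a toy simulation. This is an added example, not the paper's code: the executors, the spare pool, the inputs and the constructed flaw that stands in for a zero-day exploit are all assumptions made for illustration.

```python
# Added example (not the paper's code): a toy simulation of the CMD detect-and-respond
# loop. Executors, the pool, the inputs and the constructed flaw standing in for a
# zero-day exploit are assumptions made for illustration only.
from collections import Counter


def sum_fields(req: str) -> int:
    """Reference behaviour shared by all functionally equivalent executors."""
    return sum(int(x) for x in req.split(",") if x.isdigit())


def flawed_variant(req: str) -> int:
    """Heterogeneous variant with a constructed flaw: one crafted field corrupts its output."""
    return -1 if "evil" in req else sum_fields(req)


class MimicDefense:
    def __init__(self, online, pool, recurrence_threshold=2):
        self.online = dict(online)            # name -> executor currently serving requests
        self.pool = list(pool)                # spare (name, executor) pairs
        self.anomalies = Counter()            # input -> times it produced a minority output
        self.zero_day_db = set()              # inputs recorded as recurrent attack inputs
        self.threshold = recurrence_threshold
        self.replaced = []                    # names of executors taken offline

    def handle(self, req: str) -> dict:
        if req in self.zero_day_db:           # known malicious input: rejected before execution
            return {"status": "blocked", "response": None, "abnormal": []}
        outputs = {name: fn(req) for name, fn in self.online.items()}
        winner, votes = Counter(outputs.values()).most_common(1)[0]
        if votes * 2 <= len(outputs):         # no strict majority: refuse to answer
            return {"status": "no_consensus", "response": None, "abnormal": []}
        abnormal = [n for n, out in outputs.items() if out != winner]
        if abnormal:
            self.anomalies[req] += 1          # input -> abnormal-output correspondence
            if self.anomalies[req] >= self.threshold:
                self.zero_day_db.add(req)     # recurrent: future reuse of this input is rejected
            for name in abnormal:             # swap damaged executors for fresh ones from the pool
                self.replaced.append(name)
                del self.online[name]
                if self.pool:
                    new_name, new_fn = self.pool.pop(0)
                    self.online[new_name] = new_fn
        return {"status": "anomaly" if abnormal else "ok", "response": winner, "abnormal": abnormal}
```

With a pool whose first spare carries the same flaw, the second replay of the crafted input is still caught by voting and pushes the input into the database, so the third replay is rejected without reaching any executor.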

Keywords: Zero-day attacks; Cyberspace Mimic Defense; Intrusion detection and response; Honeypot; Feedback; Anomaly statistics and analysis

Wenyan Liu, Fucai Chen, Hongchao Hu, Guozhen Cheng, Shumin Huo, Hao Liang

National Digital Switching System Engineering & Technological R&D Center, Zhengzhou 450002, Henan, China

Type: International conference

Conference: 9th International Conference on Cyber-enabled Distributed Computing and Knowledge Discovery (2017)

Location: Nanjing

Language: English

Pages: 51-53

Online date: 2017-10-12 (date first posted on the Wanfang platform; not the publication date of the paper)