ETRI-Knowledge Sharing Platform

Conference Paper A Case Study of Unknown Attack Detection Against Zero-day Worm in the HoneyNet Environment
Authors
Ik Kyun Kim, Dae Won Kim, Byung Goo Kim, Yang Seo Choi, Seong Yong Yoon, Jin Tae Oh, Jong Soo Jang
Issue Date
2009-02
Citation
International Conference on Advanced Communication Technology (ICACT) 2009, pp.1715-1720
Publisher
IEEE
Language
English
Type
Conference Paper
Abstract
We have presented an early detection system, ZASMIN (Zero-day Attack Signature Management Infrastructure), for novel network attack protection. This system provides early detection and validation of attacks at the moment the attacks start to spread on the network. In order to detect unknown network attacks, the ZASMIN system has adopted various new technologies, which comprise suspicious traffic monitoring, attack validation, polymorphic worm recognition, and signature generation. Some of these functions are implemented with a hardware-based accelerator to be able to deal with gigabit-speed traffic; therefore, it is applicable to the Internet backbone or the bottleneck point of a high-speed enterprise network without any loss of traffic. In order to check the feasibility of ZASMIN, we installed it in a real honeynet environment and then analyzed the results of its detection of unknown attacks.
KSP Keywords
Attack Detection, Attack signature, Bit speed, Bottle-neck, Case studies, Early detection system, High Speed, Internet backbone, Intrusion detection system(IDS), Network Attacks, New technologies