Research Article

Detecting Zero-Day Attack Signatures using Honeycomb in a Virtualized Network

Published on December 2011 by Reshma R. Patel, Chirag S. Thaker, Hemant B. Patel
Network Security and Cryptography
Foundation of Computer Science USA
NSC - Number 3
December 2011
Authors: Reshma R. Patel, Chirag S. Thaker, Hemant B. Patel

Reshma R. Patel, Chirag S. Thaker, Hemant B. Patel. Detecting Zero-Day Attack Signatures using Honeycomb in a Virtualized Network. Network Security and Cryptography. NSC, 3 (December 2011), 30-35.

@article{
author = { Reshma R. Patel, Chirag S. Thaker, Hemant B. Patel },
title = { Detecting Zero-Day Attack Signatures using Honeycomb in a Virtualized Network },
journal = { Network Security and Cryptography },
issue_date = { December 2011 },
volume = { NSC },
number = { 3 },
month = { December },
year = { 2011 },
issn = { 0975-8887 },
pages = { 30-35 },
numpages = 6,
url = { /specialissues/nsc/number3/4340-spe037t/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Special Issue Article
%1 Network Security and Cryptography
%A Reshma R. Patel
%A Chirag S. Thaker
%A Hemant B. Patel
%T Detecting Zero-Day Attack Signatures using Honeycomb in a Virtualized Network
%J Network Security and Cryptography
%@ 0975-8887
%V NSC
%N 3
%P 30-35
%D 2011
%I International Journal of Computer Applications
Abstract

Self-propagating malware such as worms has enabled cyber attacks that compromise ordinary computer systems by exploiting memory-related vulnerabilities, which poses a threat to computer networks. A new-generation worm could infect millions of hosts in just a few minutes, making timely human intervention impossible. New worms spread over the network on a regular basis, and the number of vulnerabilities in computer systems and networks is growing enormously. We also face the problem of automatically and reliably detecting previously unknown attacks, known as zero-day attacks. In this paper, we describe the use of Honeycomb to detect zero-day attacks in a virtualized network. A method to automatically generate signatures using the proposed detection system is presented. The attack signatures are detected and scanned through the system. Honeycomb is a host-based intrusion detection system that automatically creates signatures. It uses a honeypot to capture malicious traffic targeting dark address space, and then applies the Longest Common Substring (LCS) algorithm to the packet content of a number of connections going to the same service. The computed substring is used as a candidate worm signature. Honeycomb is well suited to extracting string signatures for automated updates to a firewall.
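As an added illustration (not code from the paper or from the Honeycomb project), the pair-wise LCS step described above in Python: constructed honeypot captures are grouped by destination service, the longest common substring of each pair is kept when it reaches an assumed minimum length, and each surviving candidate is rendered as a Snort-style content rule. Honeycomb itself uses suffix trees and further protocol-aware heuristics; the dynamic-programming LCS and the fixed length threshold here are simplifications.

```python
from itertools import combinations
from typing import Dict, List, Set

# Constructed honeypot captures as (destination port, payload). Two port-80
# flows repeat the same odd request; the other flows are unrelated traffic.
CAPTURED_FLOWS = [
    (80, b"GET /cgi-bin/probe.cgi?id=ZZQQZZQQZZQQZZQQZZQQ HTTP/1.0\r\n\r\n"),
    (80, b"GET /cgi-bin/probe.cgi?id=ZZQQZZQQZZQQZZQQZZQQ HTTP/1.0\r\nUser-Agent: x\r\n\r\n"),
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"),
    (25, b"EHLO relay.example.test\r\n"),
]
MIN_SIG_LEN = 16  # assumed threshold; rejects boilerplate such as "GET /" or " HTTP/1."


def longest_common_substring(a: bytes, b: bytes) -> bytes:
    """Dynamic-programming LCS over raw bytes, O(len(a) * len(b))."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def candidate_signatures(flows, min_len: int = MIN_SIG_LEN) -> Dict[int, Set[bytes]]:
    """Group flows by destination port; the LCS of each pair that is at least
    min_len bytes becomes a candidate signature for that service."""
    by_port: Dict[int, List[bytes]] = {}
    for port, payload in flows:
        by_port.setdefault(port, []).append(payload)
    candidates: Dict[int, Set[bytes]] = {}
    for port, payloads in by_port.items():
        for x, y in combinations(payloads, 2):
            sig = longest_common_substring(x, y)
            if len(sig) >= min_len:
                candidates.setdefault(port, set()).add(sig)
    return candidates


def to_rule(port: int, sig: bytes) -> str:
    """Render a candidate as a Snort-style content rule; non-printable bytes and
    the characters Snort treats specially are written in |hex| form."""
    body = "".join(chr(c) if 32 <= c < 127 and c not in b'"|;\\' else f"|{c:02x}|" for c in sig)
    return f'alert tcp any any -> any {port} (msg:"honeycomb candidate"; content:"{body}"; sid:1000001;)'
```

With the constructed captures only the two probe requests share a substring long enough to survive the threshold, so a single rule for port 80 is produced and the lone SMTP flow yields nothing.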

Index Terms

Computer Science
Information Sciences

Keywords

Zero-day attack, Honeycomb, Malware, Automatic signature generation