Detecting targeted attacks using shadow honeypots

14th USENIX Security Symposium

Volumn , Issue , 2005, Pages 129-144

  Anagnostakis, K G ^a   Sidiroglou, S ^c   Akritidis, P ^b   Xinidis, K ^b   Markatos, E ^b   Keromytis, A D ^c  

^a UNIVERSITY OF PENNSYLVANIA   (United States)

^b INSTITUTE OF COMPUTER SCIENCE   (Greece)

^c Columbia University ^*  (United States)

Author keywords

[No Author keywords available]

Indexed keywords

APPLICATION PROGRAMS; NETWORK ARCHITECTURE; NETWORK SECURITY; WEB BROWSERS;

ANOMALY DETECTOR; ANOMALY PREDICTIONS; APACHE WEB SERVER; CLIENT APPLICATIONS; HYBRID ARCHITECTURES; PROOF OF CONCEPT; PROTECTED NETWORKS; SYSTEM DESIGNERS;

ANOMALY DETECTION;

EID: 59249106693     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (59)

1. i-Bench. http://http://www.veritest.com/ benchmarks/i- bench/default.asp.
2. Using Network-Based Application Recognition and Access Control Lists for Blocking the”Code Red” Worm at Network Ingress Points. Technical report, Cisco Systems, Inc.
3. CERT Advisory CA-2001-19: ‘Code Red’ Worm Exploiting Buffer Overflow in IIS Indexing Service DLL. http://www.cert.org/advisories/CA-2001-19.html, July 2001.
4. ApacheBench: A complete benchmarking and regression testing suite. http://freshmeat.net/projects/apachebench/, July 2003.
5. Cert Advisory CA-2003-04: MS-SQL Server Worm. http://www.cert.org/advisories/CA-2003-04.html, January 2003.
6. Microsoft Security Bulletin MS04-028: Buffer Overrun in JPEG Processing Could Allow Code Execution. http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx, September 2004.
7. US-CERT Technical Cyber Security Alert TA04-217A: Multiple Vulnerabilities in libpng. http://www.us-cert.gov/cas/techalerts/TA04-217A.html, August 2004.
8. P. Akritidis, K. Anagnostakis, and E. P. Markatos. Efficient content-based fingerprinting of zero-day worms. In Proceedings of the IEEE International Conference on Communications (ICC), May 2005.
9. th ISOC Symposium on Network and Distributed Systems Security (SNDSS), pages 167–179, February 2005.
10. M. Bhattacharyya, M. G. Schultz, E. Eskin, S. Hershkop, and S. J. Stolfo. MET: An Experimental System for Malicious Email Tracking. In Proceedings of the New Security Paradigms Workshop (NSPW), pages 1–12, September 2002.
11. rd Workshop on Network Processors and Applications (NP3), February 2004.
12. E. Cook, M. Bailey, Z. M. Mao, and D. McPherson. Toward Understanding Distributed Blackhole Placement. In Proceedings of the ACM Workshop on Rapid Malcode (WORM), pages 54–64, October 2004.
13. th International Symposium on Recent Advances in Intrusion Detection (RAID), pages 39–58, October 2004.
14. E. N. Elnozahy, L. Alvisi, Y.-M. Wang, and D. B. Johnson. A survey of rollback-recovery protocols in message-passing systems. ACM Comput. Surv., 34(3):375–408, 2002.
15. J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan. Fast Portscan Detection Using Sequential Hypothesis Testing. In Proceedings of the IEEE Symposium on Security and Privacy, May 2004.
16. th International Symposium on Recent Advances in Intrusion Detection (RAID), October 2002.
17. th USENIX Security Symposium, pages 271–286, August 2004.
18. C. Kruegel, F. Valeur, G. Vigna, and R. Kemmerer. Stateful Intrusion Detection for High-Speed Networks. In Proceedings of the IEEE Symposium on Security and Privacy, pages 285–294, May 2002.
19. th ACM Conference on Computer and Communications Security (CCS), pages 251–261, October 2003.
20. J. G. Levine, J. B. Grizzard, and H. L. Owen. Using Honeynets to Protect Large Enterprise Networks. IEEE Security & Privacy, 2(6):73–75, November/December 2004.
21. D. Malkhi and M. K. Reiter. Secure execution of java applets using a remote playground. IEEE Trans. Softw. Eng., 26(12):1197–1209, 2000.
22. A. J. Malton. The Denotational Semantics of a Functional Tree-Manipulation Language. Computer Languages, 19(3):157–168, 1993.
23. D. Moore, C. Shannon, G. Voelker, and S. Savage. Internet Quarantine: Requirements for Containing Self-Propagating Code. In Proceedings of the IEEE Infocom Conference, April 2003.
24. th ISOC Symposium on Network and Distributed System Security (SNDSS), pages 221–237, February 2005.
25. A. Pasupulati, J. Coit, K. Levitt, S. F. Wu, S. H. Li, J. C. Kuo, and K. P. Fan. Buttercup: On Network-based Detection of Polymorphic Buffer Overflow Vulnerabilities. In Proceedings of the Network Operations and Management Symposium (NOMS), pages 235–248, vol. 1, April 2004.
26. J. Pincus and B. Baker. Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overflows. IEEE Security & Privacy, 2(4):20–27, July/August 2004.
27. P. Porras, L. Briesemeister, K. Levitt, J. Rowe, and Y.-C. A. Ting. A Hybrid Quarantine Defense. In Proceedings of the ACM Workshop on Rapid Malcode (WORM), pages 73–82, October 2004.
28. th USENIX Security Symposium, pages 1–14, August 2004.
29. th Annual IFIP 11.3 Working Conference on Data and Application Security Conference, April 2002.
30. th Annual Hawaii International Conference on System Sciences (HICSS), January 2003.
31. J. C. Reynolds, J. Just, E. Lawson, L. Clough, and R. Maglich. The Design and Implementation of an Intrusion Tolerant System. In Proceedings of the International Conference on Dependable Systems and Networks (DSN), June 2002.
32. M. Roesch. Snort: Lightweight intrusion detection for networks. In Proceedings of USENIX LISA, November 1999. (software available from http://www.snort.org/).
33. L. Schaelicke, T. Slabach, B. Moore, and C. Freeland. Characterizing the Performance of Network Intrusion Detection Sensors. In Proceedings of Recent Advances in Intrusion Detection (RAID), September 2003.
34. th International Symposium on Recent Advances in Intrusion Detection (RAID), pages 59–81, October 2004.
35. S. Sidiroglou and A. D. Keromytis. A Network Worm Vaccine Architecture. In Proceedings of the IEEE Workshop on Enterprise Technologies: Infrastructure for Collaborative Enterprises (WET-ICE), Workshop on Enterprise Security, pages 220–225, June 2003.
36. th Symposium on Operating Systems Design & Implementation (OSDI), December 2004.
37. th ISOC Symposium on Network and Distributed System Security (SNDSS), February 2005.
38. th ACM Symposium on Operating Systems Principles (SOSP), pages 216–229, Chateau Lake Louise, Banff, Alberta, Canada, October 2001.
39. D. Spinellis. Reliable identification of bounded-length viruses is NP-complete. IEEE Transactions on Information Theory, 49(1):280–284, January 2003.
40. L. Spitzner. Honeypots: Tracking Hackers. Addison-Wesley, 2003.
41. S. Staniford. Containment of Scanning Worms in Enterprise Networks. Journal of Computer Security, 2005. (to appear).
42. S. Staniford, D. Moore, V. Paxson, and N. Weaver. The Top Speed of Flash Worms. In Proceedings of the ACM Workshop on Rapid Malcode (WORM), pages 33–42, October 2004.
43. th USENIX Security Symposium, pages 149–167, August 2002.
44. G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas. Secure program execution via dynamic information flow tracking. SIGOPS Operating Systems Review, 38(5):85–96, 2004.
45. th ISOC Symposium on Network and Distributed Systems Security (SNDSS), pages 265–278, February 2005.
46. P. Ször and P. Ferrie. Hunting for Metamorphic. Technical report, Symantec Corporation, June 2003.
47. Top Layer Networks. http://www.toplayer.com.
48. th Symposium on Recent Advances in Intrusion Detection (RAID), October 2002.
49. T. Toth and C. Kruegel. Connection-history Based Anomaly Detection. In Proceedings of the IEEE Workshop on Information Assurance and Security, June 2002.
50. th ISOC Symposium on Network and Distributed Systems Security (SNDSS), pages 149–166, February 2005.
51. th ACM Conference on Computer and Communications Security (CCS), pages 21–30, October 2004.
52. H. J. Wang, C. Guo, D. R. Simon, and A. Zugenmaier. Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits. In Proceedings of the ACM SIGCOMM Conference, pages 193–204, August 2004.
53. th International Symposium on Recent Advanced in Intrusion Detection (RAID), pages 201–222, September 2004.
54. th USENIX Security Symposium, pages 29–44, August 2004.
55. th ISOC Symposium on Network and Distributed Systems Security (SNDSS), pages 181–195, February 2005.
56. J. Wu, S. Vangala, L. Gao, and K. Kwiat. An Effective Architecture and Algorithm for Detecting Worms with Various Scan Techniques. In Proceedings of the ISOC Symposium on Network and Distributed System Security (SNDSS), pages 143–156, February 2004.
57. V. Yegneswaran, P. Barford, and S. Jha. Global Intrusion Detection in the DOMINO Overlay System. In Proceedings of the ISOC Symposium on Network and Distributed System Security (SNDSS), February 2004.
58. th International Symposium on Recent Advances in Intrusion Detection (RAID), pages 146–165, October 2004.
59. th ACM International Conference on Computer and Communications Security (CCS), pages 190–199, October 2003.