Rule generator for IPS by using honeypot to fight polymorphic worm

Nowadays, most networks are already protected by an Intrusion Prevention System (IPS). However, most IPSs use signature-based detection, and updating signatures tends to be difficult and time-consuming because writing them requires expert knowledge. Signature-based IPSs are therefore weak at detecting the latest attacks. This paper presents a signature-generating technique that uses a signature generator and a honeypot. The signature generator used in this paper is Polygraph, because it has an advantage in detecting polymorphic worms. The honeypot used is Dionaea, because its log can be converted into the form required by Polygraph. This paper discusses the steps needed to transform attack data from the honeypot into a rule that can be used by the Snort IPS.
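The last step of the pipeline described above, turning byte strings shared by several captured instances of one worm into a Snort rule, can be sketched as follows. This is an added example, not code from the paper and not Polygraph's implementation: it is a simplified token-subsequence extraction. The payloads, port 445, the SID and the function names are constructed assumptions, and the payloads are assumed to be already extracted from the honeypot captures.

```python
# Constructed payloads (not from the paper): invariant bytes amid per-instance noise.
SAMPLES = [
    b"\x11\x22HELO/1.0\xa1\xb2\xc3\xde\xad\xbe\xef\x90\x01",
    b"\x33HELO/1.0\xd4\xe5\xf6\x07\x18\xde\xad\xbe\xef\x90\x02\x03",
    b"HELO/1.0\x29\xde\xad\xbe\xef\x90\x3a\x4b",
]

def common_tokens(samples, min_len=4):
    """Greedy scan of the first sample for byte strings found in every sample."""
    first, rest = samples[0], samples[1:]
    tokens, i = [], 0
    while i <= len(first) - min_len:
        j = i + min_len
        if all(first[i:j] in s for s in rest):
            while j < len(first) and all(first[i:j + 1] in s for s in rest):
                j += 1  # grow the token while it still occurs everywhere
            tokens.append(first[i:j])
            i = j
        else:
            i += 1
    return tokens

def in_order(tokens, data):
    """True if the tokens occur in data one after another, without overlap."""
    pos = 0
    for tok in tokens:
        pos = data.find(tok, pos)
        if pos < 0:
            return False
        pos += len(tok)
    return True

def signature(samples):
    """Common tokens, minus any that break the shared order in some sample."""
    kept = []
    for tok in common_tokens(samples):
        if all(in_order(kept + [tok], s) for s in samples):
            kept.append(tok)
    return kept

def to_snort_rule(tokens, port, sid, msg):
    opts = [f'msg:"{msg}"', "flow:to_server,established"]
    for n, tok in enumerate(tokens):
        opts.append('content:"|' + " ".join(f"{b:02X}" for b in tok) + '|"')
        if n:
            opts.append("distance:0")  # search only after the previous match
    opts += [f"sid:{sid}", "rev:1"]
    return f"alert tcp $EXTERNAL_NET any -> $HOME_NET {port} ({'; '.join(opts)};)"

print(to_snort_rule(signature(SAMPLES), 445, 1000001, "constructed sample"))
```

The `min_len` threshold trades false positives against coverage: short tokens match benign traffic, so a generated rule should be replayed against known-good captures before it is deployed in blocking mode.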
