Zero-Day Attack Defense Technique for Protecting Systems against Unknown Vulnerabilities

Every organization connected to the internet faces a common threat: zero-day attacks. Zero-day exploits go unnoticed until the specific vulnerability they target is identified and reported, and they are difficult to defend against because they are mostly detected only after they have completed their course of action. Protecting networks, applications and systems from zero-day attacks is a daunting task for an organization's security staff. This paper analyzes the research efforts related to the detection of zero-day attacks. The fundamental limitations of existing approaches are signature generation for unknown activities and the false-alarm rate of anomaly-based detection. To overcome these issues, this paper proposes a new approach to zero-day attack analysis and detection, which senses the organization's network and monitors the behavioral activity of a zero-day exploit at every stage of its life cycle. The proposed approach provides a machine-learning-based framework that senses network traffic and detects anomalous network behavior in order to identify the presence of a zero-day exploit. The framework uses supervised classification schemes to assess known classes, combined with the adaptability of unsupervised classification in order to detect new, previously unseen classes of behavior.
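As an added illustration, not code from the paper, the following Python sketch shows the hybrid scheme the abstract describes: a supervised nearest-centroid classifier for known traffic classes, a distance envelope that reports flows outside every known class as "unknown", and an unsupervised step that promotes a tight group of unknowns to a new class. The feature names, vectors and thresholds are constructed placeholders.

```python
"""Hybrid supervised/unsupervised flow classifier: known-class centroids plus a
novelty envelope, with promotion of tightly clustered unknowns to a new class.
Feature vectors and their names are constructed for illustration only."""
from math import dist
from statistics import mean

# Constructed, pre-normalised flow features: [bytes_per_pkt, pkts_per_sec, distinct_dst_ports]
TRAIN = [
    ([0.20, 0.10, 0.05], "web"), ([0.25, 0.12, 0.04], "web"), ([0.22, 0.08, 0.06], "web"),
    ([0.90, 0.05, 0.02], "bulk"), ([0.85, 0.07, 0.01], "bulk"), ([0.95, 0.04, 0.03], "bulk"),
]

def fit(samples, floor=0.01):
    """Supervised step: one centroid per known class and the radius of its training envelope."""
    by_label = {}
    for x, y in samples:
        by_label.setdefault(y, []).append(x)
    cents = {y: [mean(col) for col in zip(*xs)] for y, xs in by_label.items()}
    radius = {y: max(floor, max(dist(x, cents[y]) for x in xs)) for y, xs in by_label.items()}
    return cents, radius

def classify(x, cents, radius, slack=1.5):
    """Nearest known centroid; a flow outside every class envelope is reported as 'unknown'."""
    y = min(cents, key=lambda lbl: dist(x, cents[lbl]))
    return y if dist(x, cents[y]) <= slack * radius[y] else "unknown"

def adapt(unknowns, cents, radius, link=0.2, min_support=3):
    """Unsupervised step: group 'unknown' flows by distance to a seed; a group with enough
    support becomes a new class so later flows of that behaviour are labelled, not dropped."""
    clusters = []
    for x in unknowns:
        for c in clusters:
            if dist(x, c[0]) <= link:
                c.append(x); break
        else:
            clusters.append([x])
    new = []
    for c in clusters:
        if len(c) >= min_support:
            lbl = f"novel_{1 + sum(l.startswith('novel_') for l in cents)}"
            c_fit, r_fit = fit([(x, lbl) for x in c])
            cents.update(c_fit); radius.update(r_fit); new.append(lbl)
    return new

def demo():
    cents, radius = fit(TRAIN)
    stream = [[0.23, 0.11, 0.05], [0.10, 0.90, 0.95], [0.12, 0.88, 0.90], [0.08, 0.92, 0.97]]
    first = [classify(x, cents, radius) for x in stream]
    unknowns = [x for x, y in zip(stream, first) if y == "unknown"]
    new = adapt(unknowns, cents, radius)
    return first, new, classify([0.11, 0.90, 0.93], cents, radius)
```

The `min_support` threshold is what keeps a single odd flow from becoming a class; lowering it trades fewer missed novel behaviours for more false alarms, which is the tension the abstract names.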
