We propose a system for detecting scanning-worm infected machines in a local network. Infected machines are detected after a few unsuccessful connection attempts, and in cooperation with the border router, their traffic is redirected to a honeypot for worm identification and capture. We discuss the architecture of the system and present a sample implementation based on a Linux router. We discuss future improvements for increasing the detection abilities and coverage of the sensor. While the system was developed based on the Billy Goat worm-detection system, it can easily be used with other honeypot systems.