NATE: Network Analysis of Anomalous Traffic Events, a low-cost approach
Proceedings of the 2001 workshop on New security paradigms
Service specific anomaly detection for network intrusion detection
Proceedings of the 2002 ACM symposium on Applied computing
Information-Theoretic Measures for Anomaly Detection
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Shield: vulnerability-driven network filters for preventing known vulnerability exploits
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
The Art of Computer Virus Research and Defense
The Art of Computer Virus Research and Defense
Polygraph: Automatically Generating Signatures for Polymorphic Worms
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Autograph: toward automated, distributed worm signature detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
SigFree: a signature-free buffer overflow attack blocker
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Function Call Mechanism Based Executable Code Detection for the Network Security
SAINT '08 Proceedings of the 2008 International Symposium on Applications and the Internet
Executable Code Recognition in Network Flows Using Instruction Transition Probabilities
IEICE - Transactions on Information and Systems
Tracing Stored Program Counter to Detect Polymorphic Shellcode
IEICE - Transactions on Information and Systems
Accurate buffer overflow detection via abstract payload execution
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Anomalous payload-based worm detection and signature generation
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
A fast static analysis approach to detect exploit code inside network flows
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
| Hi-index | 0.00 |
We have introduced the ZASMIN (Zeroday-Attack Signature Management Infrastructure) system, which is developed for novel network attack detection. This system provides early warning at the moment the attacks start to spread on the network and to block the spread of the cyber attacks by automatically generating a signature that could be used by the network security appliance such as IPS. This system have adopted various of new technologies -- suspicious traffic monitoring, attack validation, polymorphic worm recognition, signature generation -- for unknown network attack detection. Because its hardware-based accelerator is also capable to deal with giga-bit speed traffic, it can be applicable to Internet backbone or the bottle-neck point of high-speed enterprise network without any loss of traffic. In this paper, after we setup the ZASMIN to real testbed, we have analyzed the results of the ZASMIN about detection of unknown attack.