We have presented an early detection system, ZASMIN (Zero-day Attack Signature Management Infrastructure), for protection against novel network attacks. The system provides early detection and validation of attacks at the moment they start to spread on the network. To detect unknown network attacks, ZASMIN adopts several new technologies: suspicious traffic monitoring, attack validation, polymorphic worm recognition, and signature generation. Some of these functions are implemented with a hardware-based accelerator so that they can handle gigabit-speed traffic; the system can therefore be deployed on the Internet backbone or at the bottleneck point of a high-speed enterprise network without any loss of traffic. To check the feasibility of ZASMIN, we installed it in a real honeynet environment and analyzed the results of its detection of unknown attacks.