TY - GEN
T1 - Defeating Internet attacks using risk awareness and active honeypots
AU - Teo, Lawrence
AU - Sun, Yu An
AU - Ahn, Gail Joon
PY - 2004/9/24
Y1 - 2004/9/24
N2 - New forms of Internet attacks, such as SQL Slammer, have become increasingly sophisticated. Although coded in a simple way, the SQL Slammer worm propagated all over the world at an extremely high speed in a short period of time, rendering it impossible for humans to counter it using manual intervention. In this paper, we propose a security framework called Japonica to detect and respond to unknown attacks at the early stage through the dynamic orchestration of prevention, detection, and response mechanisms. We identify important requirements to support the proposed framework and corresponding system entities. Also, we describe our model using Colored Petri Nets to discover a uniform message exchange format among the entities. One unique characteristic of Japonica is an active response coordinator and we demonstrate its feasibility in a proof-of-concept prototype, utilizing a honeypot as an active entity. Our results indicate that Japonica can successfully prevent the spread of SQL Slammer without human intervention. We are currently extending the framework to counter other forms of sophisticated Internet attacks.
KW - Colored Petri Nets
KW - Honeypots
KW - Japonica
KW - Risk Awareness
UR - http://www.scopus.com/inward/record.url?scp=4544251936&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=4544251936&partnerID=8YFLogxK
U2 - 10.1109/IWIA.2004.1288045
DO - 10.1109/IWIA.2004.1288045
M3 - Conference contribution
AN - SCOPUS:4544251936
SN - 0769521177
SN - 9780769521176
T3 - Proceedings - Second IEEE Information Assurance Workshop
SP - 155
EP - 167
BT - Proceedings - Second IEEE Information Assurance Workshop
T2 - Proceedings - Second IEEE Information Assurance Workshop
Y2 - 8 April 2004 through 9 April 2004
ER -