Defeating Internet attacks using risk awareness and active honeypots

Lawrence Teo, Yu An Sun, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Scopus citations

Abstract

New forms of Internet attacks, such as SQL Slammer, have become increasingly sophisticated. Although coded in a simple way, the SQL Slammer worm propagated all over the world at an extremely high speed in a short period of time, rendering it impossible for humans to counter it using manual intervention. In this paper, we propose a security framework called Japonica to detect and respond to unknown attacks at the early stage through the dynamic orchestration of prevention, detection, and response mechanisms. We identify important requirements to support the proposed framework and corresponding system entities. Also, we describe our model using Colored Petri Nets to discover a uniform message exchange format among the entities. One unique characteristic of Japonica is an active response coordinator and we demonstrate its feasibility in a proof-of-concept prototype, utilizing a honeypot as an active entity. Our results indicate that Japonica can successfully prevent the spread of SQL Slammer without human intervention. We are currently extending the framework to counter other forms of sophisticated Internet attacks.

Original language: English (US)
Title of host publication: Proceedings - Second IEEE Information Assurance Workshop
Pages: 155-167
Number of pages: 13
State: Published - Sep 24 2004
Externally published: Yes
Event: Proceedings - Second IEEE Information Assurance Workshop - Charlotte, NC, United States
Duration: Apr 8 2004 to Apr 9 2004

Publication series

Name: Proceedings - Second IEEE Information Assurance Workshop

Other

Other: Proceedings - Second IEEE Information Assurance Workshop
Country/Territory: United States
City: Charlotte, NC
Period: 4/8/04 to 4/9/04

Keywords

  • Colored Petri Nets
  • Honeypots
  • Japonica
  • Risk Awareness

ASJC Scopus subject areas

  • General Engineering
