Able to propagate quickly and change their payload with each infection, polymorphic worms have been able to evade even the most advanced intrusion detection systems (IDS). And, because zero-day worms require only seconds to launch flooding attacks on your servers, using traditional methods such as manually creating and storing signatures to defend against these threats is just too slow.
Bringing together critical knowledge and research on the subject, Automatic Defense Against Zero-day Polymorphic Worms in Communication Networks details a new approach for generating automated signatures for unknown polymorphic worms. It presents experimental results on a new method for polymorphic worm detection and examines experimental implementation of signature-generation algorithms and double-honeynet systems.
If you need some background, the book includes an overview of the fundamental terms and concepts in network security, including the various security models. Clearing up the misconceptions about the value of honeypots, it explains how they can be useful in securing your networks, and identifies open-source tools you can use to create your own honeypot. There’s also a chapter with references to helpful reading resources on automated signature generation systems.
The authors describe cutting-edge attack detection approaches and detail new algorithms to help you generate your own automated signatures for polymorphic worms. Explaining how to test the quality of your generated signatures, the text will help you develop the understanding required to effectively protect your communication networks. Coverage includes intrusion detection and prevention systems (IDPS), zero-day polymorphic worm collection methods, double-honeynet system configurations, and the implementation of double-honeynet architectures.
The Fundamental Concepts
Network Security Concepts
Automated Signature Generation for Zero-Day Polymorphic Worms
Our Experience and This Book’s Objective
Bus (Point-to-Multipoint) Topology
Distributed Bus Topology
Star-Wired Bus Topology
Star-Wired Ring Topology
Hierarchical or Tree Topology
Transmission Control Protocol
IP Routing and Routing Table
Discussion on Router
Access Mechanisms for Administrators
Security Policy for a Router
Router Security Policy Checklist
Network Traffic Filtering
Tools Used for Traffic Filtering or Network Monitoring
Intrusion Detection and Prevention Systems (ID PSs)
IDPS Detection Methods
Stateful Protocol Analysis
IDPS Security Capabilities
Types of IDPS Technologies
Integration of Multiple IDPSs
Multiple IDPS Technologies
Integration of Different IDPS Products
Common Enterprise Network-Based IDPSs
Common Enterprise Wireless IDPSs
Common Enterprise NBA Systems
Common Enterprise Host-Based IDPSs
Definition and History of Honeypots
Honeypot and Its Working Principle
History of Honeypots
Types of Honeypots
Types of Threats
Script Kiddies and Advanced Blackhat Attacks
The Value of Honeypots
Advantages of Honeypots
Disadvantages of Honeypots
Roles of Honeypots in Network Security
Honeypot Types Based on Interaction Level
An Overview of Five Honeypots
Mohssen Mohammed received his B.Sc. (Honors) degree in Computer Science from Computer Man College for Computer Studies (Future University), Khartoum – Sudan in 2003. In 2006, received the M.Sc. degree in Computer Science from the Faculty of Mathematical Sciences – University of Khartoum, Sudan. In 2012 received Ph.D. degree in Electrical Engineering from Cape Town University, South Africa. He published several papers at top international conferences such as GLOBECOM and MILCOM. He has served as a Technical Program Committee member in numerous international conferences like ICSEA 2010, ICNS 2011. He got University of Cape Town prize for International Scholarship for Academic Merit (Years 2007, 2008, and 2009). From 2005 to 2012 he has been working as a permanent academic staff at the University of Juba, South of Sudan. Now he is working as Assistant Professor in the College of Computer Science & Information Technology, Bahri University, Khartoum Sudan. His research interest includes Network Security, especially Intrusion detection and prevention systems, Honeypots, Firewalls, and Malware Detection Methods.
Al-Sakib Khan Pathan received his Ph.D. degree in Computer Engineering in 2009 from Kyung Hee University, South Korea. He received B.Sc. degree in Computer Science and Information Technology from Islamic University of Technology (IUT), Bangladesh in 2003. He is currently an Assistant Professor at Computer Science department in International Islamic University Malaysia (IIUM), Malaysia. Till June 2010, he served as an Assistant Professor at Computer Science and Engineering department in BRAC University, Bangladesh. Prior to holding this position, he worked as a Researcher at Networking Lab, Kyung Hee University, South Korea till August 2009. His research interest includes wireless sensor networks, network security, and e-services technologies. He is a recipient of several awards/best paper awards and has several publications in these areas. He has served as a Chair, Organizing Committee Member, and Technical Program Committee member in numerous international conferences/workshops like HPCS, ICA3PP, IWCMC, VTC, HPCC, IDCS, etc. He is currently serving as the Editor-in-Chief of IJIDCS, an Area Editor of IJCNIS, Editor of IJCSE, Inderscience, Associate Editor of IASTED/ACTA Press IJCA and CCS, Guest Editor of some special issues of top-ranked journals, and Editor/Author of five published books. He also serves as a referee of some renowned journals. He is a member of Institute of Electrical and Electronics Engineers (IEEE), USA; IEEE Communications Society (IEEE ComSoc), USA, and IEEE ComSoc Bangladesh Chapter, and several other international organizations.