
Two-Level Automated Approach for Defending Against Obfuscated Zero-Day Attacks

  • Conference paper
  • Risks and Security of Internet and Systems (CRiSIS 2014)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 8924)

Abstract

A zero-day attack is one that exploits a vulnerability for which no patch is readily available and of which the developer or vendor may or may not be aware. Such attacks are expensive and powerful tools, and they are difficult to defend against. Since the vulnerability is not known in advance, there is no reliable way to guard against a zero-day attack before it happens. Attackers take advantage of the unknown nature of zero-day exploits and use them in highly sophisticated, targeted attacks in order to remain stealthy with respect to standard intrusion detection techniques. This paper presents a novel combination of anomaly-, behavior- and signature-based techniques for detecting such zero-day attacks. The proposed approach detects obfuscated zero-day attacks through a two-level evaluation, generates a new signature automatically, and updates other sensors by pushing the signature to them via a global hotfix feature.



Author information

Corresponding author: Ratinder Kaur


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Kaur, R., Singh, M. (2015). Two-Level Automated Approach for Defending Against Obfuscated Zero-Day Attacks. In: Lopez, J., Ray, I., Crispo, B. (eds) Risks and Security of Internet and Systems. CRiSIS 2014. Lecture Notes in Computer Science, vol 8924. Springer, Cham. https://doi.org/10.1007/978-3-319-17127-2_11

  • DOI: https://doi.org/10.1007/978-3-319-17127-2_11
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-17126-5
  • Online ISBN: 978-3-319-17127-2
  • eBook Packages: Computer Science (R0)
