Abstract
We propose a security architecture to detect and prevent zero-day attacks, together with techniques to deal with the polymorphic and metamorphic behaviour of those attacks. The components of the architecture are each designed to handle a different type of malicious behaviour. The entity validation component captures information about the operating system and applications running in the virtual machines, provides secure logging, and detects attacks generated with a spoofed source address. The intrusion detection engine component detects known attacks and suspicious behaviour of the entities by monitoring the incoming and outgoing traffic of the virtual machines. The dynamic analyzer detects and validates hidden processes, detects zero-day attacks, and isolates, at fine granularity, the malicious process that is generating the attack traffic. After a zero-day attack is detected, an interactive VM technique is used to determine whether the attack exhibits polymorphic or metamorphic behaviour and to develop attack signatures so that such attacks can be handled efficiently.
Field | Value
---|---
Original language | English
Title of host publication | IWCMC 2011 - 7th International Wireless Communications and Mobile Computing Conference
Place of Publication | Piscataway, NJ
Publisher | Institute of Electrical and Electronics Engineers (IEEE)
Pages | 442-447
Number of pages | 6
ISBN (Print) | 9781424495399
DOIs | 
Publication status | Published - 2011
Event | 7th International Wireless Communications and Mobile Computing Conference, IWCMC 2011 - Istanbul, Turkey
Duration | 4 Jul 2011 → 8 Jul 2011
Other
Field | Value
---|---
Other | 7th International Wireless Communications and Mobile Computing Conference, IWCMC 2011
Country/Territory | Turkey
City | Istanbul
Period | 4/07/11 → 8/07/11