Automatic Defense Against Zero-day Polymorphic Worms in Communication Networks (Hardcover)

Mohssen Mohammed, Al-Sakib Khan Pathan

買這商品的人也買了...

商品描述

Able to propagate quickly and change their payload with each infection, polymorphic worms have been able to evade even the most advanced intrusion detection systems (IDS). And, because zero-day worms require only seconds to launch flooding attacks on your servers, using traditional methods such as manually creating and storing signatures to defend against these threats is just too slow.

Bringing together critical knowledge and research on the subject, Automatic Defense Against Zero-day Polymorphic Worms in Communication Networks details a new approach for generating automated signatures for unknown polymorphic worms. It presents experimental results on a new method for polymorphic worm detection and examines experimental implementation of signature-generation algorithms and double-honeynet systems.

If you need some background, the book includes an overview of the fundamental terms and concepts in network security, including the various security models. Clearing up the misconceptions about the value of honeypots, it explains how they can be useful in securing your networks, and identifies open-source tools you can use to create your own honeypot. There’s also a chapter with references to helpful reading resources on automated signature generation systems.

The authors describe cutting-edge attack detection approaches and detail new algorithms to help you generate your own automated signatures for polymorphic worms. Explaining how to test the quality of your generated signatures, the text will help you develop the understanding required to effectively protect your communication networks. Coverage includes intrusion detection and prevention systems (IDPS), zero-day polymorphic worm collection methods, double-honeynet system configurations, and the implementation of double-honeynet architectures.

商品描述(中文翻譯)

能夠快速傳播並在每次感染中更改其載荷,多態蠕蟲甚至能夠逃避最先進的入侵檢測系統(IDS)。而且,由於零日蠕蟲只需要幾秒鐘就能對您的伺服器發動洪水攻擊,使用傳統方法(例如手動創建和存儲簽名)來防禦這些威脅就太慢了。

《通信網絡中自動防禦零日多態蠕蟲》匯集了關於這一主題的重要知識和研究,詳細介紹了一種用於生成未知多態蠕蟲自動簽名的新方法。它提供了關於多態蠕蟲檢測的新方法的實驗結果,並檢查了簽名生成算法和雙蜜罐系統的實驗實施。

如果您需要一些背景知識,本書包括了網絡安全中基本術語和概念的概述,包括各種安全模型。它澄清了關於蜜罐價值的誤解,解釋了它們在保護網絡方面的用途,並指出了您可以使用的開源工具來創建自己的蜜罐。還有一章提供了有關自動簽名生成系統的有用參考資料。

作者描述了尖端的攻擊檢測方法,並詳細介紹了幫助您生成自己的多態蠕蟲自動簽名的新算法。解釋了如何測試生成的簽名的質量,本書將幫助您發展所需的理解,以有效保護您的通信網絡。內容包括入侵檢測和預防系統(IDPS)、零日多態蠕蟲收集方法、雙蜜罐系統配置以及雙蜜罐架構的實施。