Zero day Attacks Defense Technique for Protecting System against Unknown Vulnerabilities
Keywords: zero day attacks, unknown vulnerabilities, detection system, malware analysis, network security

Abstract

Every organization connected to the internet faces the common threat of zero-day attacks. Zero-day exploits go unnoticed until the specific vulnerability they target is identified and reported. Zero-day attacks are difficult to defend against because they are mostly detected only after they have completed their course of action. Protecting networks, applications and systems from zero-day attacks is a daunting task for an organization's security staff. This paper analyzes the research efforts related to the detection of zero-day attacks. The fundamental limitations of existing approaches are signature generation for unknown activities and the false alarm rate of anomaly-based detection. To overcome these issues, this paper proposes a new approach to zero-day attack analysis and detection, which senses the organization's network and monitors the behavioral activity of a zero-day exploit at every stage of its life cycle. The proposed approach provides a machine learning based framework that senses network traffic and detects anomalous network behavior in order to identify the presence of a zero-day exploit. The framework uses supervised classification schemes to assess known classes, combined with the adaptability of unsupervised classification to detect new classes (a new dimension of the classification) as they emerge.
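The abstract describes a two-tier scheme: a supervised classifier for known traffic classes, with an unsupervised step that picks up flows fitting none of them. The following is an added illustration written for this page, not code from the paper or its authors: a nearest-centroid classifier on z-scored per-flow features rejects any flow outside a learned per-class radius, and rejected flows are clustered; a cluster that reaches a minimum size is promoted to a new class. The feature vectors, class labels, thresholds (`slack`, `min_cluster`) and the four flow statistics are all constructed assumptions chosen to make the mechanism visible, not a validated detection model.

```python
import math
from collections import defaultdict

# Constructed training flows (not real traffic). Each feature vector is
# [packets per second, mean payload bytes, distinct destination ports,
#  fraction of SYN-only packets]; labels are the supervised "known classes".
TRAINING = [
    ([10.0, 500.0, 1.0, 0.10], "web"),
    ([12.0, 480.0, 1.0, 0.10], "web"),
    ([9.0, 520.0, 1.0, 0.10], "web"),
    ([200.0, 40.0, 50.0, 0.90], "portscan"),
    ([180.0, 45.0, 48.0, 0.90], "portscan"),
    ([220.0, 38.0, 55.0, 0.90], "portscan"),
    ([2.0, 1200.0, 1.0, 0.05], "filetransfer"),
    ([3.0, 1150.0, 1.0, 0.05], "filetransfer"),
    ([2.5, 1250.0, 1.0, 0.05], "filetransfer"),
]


def centroid(points):
    """Component-wise mean of a list of equal-length vectors."""
    n = len(points)
    return [sum(p[i] for p in points) / n for i in range(len(points[0]))]


def distance(a, b):
    """Euclidean distance between two vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class TwoTierDetector:
    """Supervised nearest-centroid tier for known classes, plus an unsupervised
    tier that clusters rejected flows and promotes a cluster to a new class."""

    def __init__(self, training, slack=2.0, min_cluster=2):
        self.slack = slack                # hypothetical widening factor for class radii
        self.min_cluster = min_cluster    # hypothetical size at which a cluster is promoted
        vectors = [v for v, _ in training]
        # z-score scaler fitted on training data so no single feature dominates
        self.means = centroid(vectors)
        self.stds = [
            math.sqrt(sum((v[i] - self.means[i]) ** 2 for v in vectors) / len(vectors)) or 1.0
            for i in range(len(vectors[0]))
        ]
        by_label = defaultdict(list)
        for v, label in training:
            by_label[label].append(self._scale(v))
        self.centroids, self.radius = {}, {}
        for label, pts in by_label.items():
            self._add_class(label, pts)
        # Rejected flows are grouped together only if they fall within this radius.
        self.unknown_radius = max(self.radius.values())
        self.unknown_clusters = []
        self.novel_count = 0

    def _scale(self, v):
        return [(x - m) / s for x, m, s in zip(v, self.means, self.stds)]

    def _add_class(self, label, pts):
        c = centroid(pts)
        self.centroids[label] = c
        # Acceptance radius: widest in-class training distance (floored so a
        # tight class still tolerates small noise), widened by `slack`.
        self.radius[label] = max(max(distance(p, c) for p in pts), 0.1) * self.slack

    def classify(self, features):
        x = self._scale(features)
        label, dist = min(
            ((lab, distance(x, c)) for lab, c in self.centroids.items()), key=lambda t: t[1]
        )
        if dist <= self.radius[label]:
            return label          # supervised tier: a known class accepted the flow
        return self._absorb_unknown(x)

    def _absorb_unknown(self, x):
        """Unsupervised tier: group rejected flows; once a group reaches
        min_cluster members it becomes a new supervised class."""
        for cluster in self.unknown_clusters:
            if distance(x, centroid(cluster)) <= self.unknown_radius:
                cluster.append(x)
                if len(cluster) < self.min_cluster:
                    return "unknown"
                self.novel_count += 1
                name = f"novel-{self.novel_count}"
                self._add_class(name, cluster)
                self.unknown_clusters.remove(cluster)
                return name
        self.unknown_clusters.append([x])
        return "unknown"


def demo():
    """Run constructed flows through the detector; returns the label sequence."""
    det = TwoTierDetector(TRAINING)
    flows = [
        [11.0, 490.0, 1.0, 0.10],   # resembles the web class
        [190.0, 42.0, 52.0, 0.90],  # resembles the portscan class
        [60.0, 300.0, 1.0, 0.50],   # fits no known class: rejected as unknown
        [62.0, 310.0, 1.0, 0.50],   # second sighting: cluster promoted to novel-1
        [58.0, 295.0, 1.0, 0.50],   # now recognised by the promoted class
    ]
    return [det.classify(f) for f in flows]


if __name__ == "__main__":
    print(demo())  # ['web', 'portscan', 'unknown', 'novel-1', 'novel-1']
```

The "unknown" label is the point at which an analyst would be alerted and the flows captured for analysis; the promotion step is what lets the supervised tier grow as new behaviour is confirmed. In practice the acceptance radius governs the trade-off the abstract mentions: a tighter radius lowers the chance of a novel exploit being absorbed into a known class but raises the false alarm rate.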
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors contributing to this journal agree to publish their articles under the Creative Commons Attribution 4.0 International License, allowing third parties to share their work (copy, distribute, transmit) and to adapt it, under the condition that the authors are given credit and that in the event of reuse or distribution, the terms of this license are made clear.