Hybrid System to Minimize Damage by Zero-Day Attack based on NIDPS and HoneyPot

Title: Hybrid System to Minimize Damage by Zero-Day Attack based on NIDPS and HoneyPot
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Jeong, J. H., Choi, S. G.
Conference Name: 2020 International Conference on Information and Communication Technology Convergence (ICTC)
Date Published: Oct. 2020
ISBN Number: 978-1-7281-6758-9
Keywords: composability, convergence, cyber attack, defense, honeypot, information and communication technology, Metrics, Network security, NIDPS, pubcrawl, Real-time Systems, resilience, Resiliency, Zero day attacks, Zero-Day

This paper presents a hybrid system to minimize the damage caused by zero-day attacks. The proposed system consists of a signature-based NIDPS, a honeypot and a temporary queue. When the system receives a packet from the external network, any packet known to be an attack packet is dropped by the signature-based NIDPS. Packets that pass are redirected to the honeypot, because the system assumes that every packet passing the NIDPS may still carry a zero-day attack. Each redirected packet is stored in the temporary queue, and if the honeypot judges that the packet may be a zero-day attack, it extracts a signature from the packet. The system then creates a rule in the NIDPS rule format from the extracted signature and updates the NIDPS rule set. Once the rule update is complete, the temporary queue forwards its stored packets back to the NIDPS, so that packets carrying the newly identified attack can be dropped. The proposed system reduces the time needed to create and apply a rule that responds to an unknown attack packet, and it can drop packets that carry a zero-day attack risk in real time.
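The control flow described in the abstract, as an added toy simulation (not the authors' code): a signature-based filter, a temporary queue holding packets that passed it, a honeypot stage that flags a packet and extracts a signature, a rule update, and a queue flush that re-checks held packets. The honeypot's detection heuristic and the signature-extraction rule are constructed assumptions, since the abstract does not specify them.

```python
from collections import deque
from dataclasses import dataclass, field

# Constructed stand-in for the honeypot's analysis: the paper does not say how
# the honeypot decides a packet "has possibility of zero-day attack".
SUSPICIOUS_MARKERS = (b"; ", b"../")


@dataclass
class Packet:
    src: str
    payload: bytes


@dataclass
class HybridSystem:
    rules: set = field(default_factory=set)        # NIDPS signatures (byte patterns)
    queue: deque = field(default_factory=deque)    # temporary queue after NIDPS
    delivered: list = field(default_factory=list)  # packets released to the internal network
    dropped: list = field(default_factory=list)    # packets dropped by the NIDPS

    def nidps_matches(self, pkt):
        """Signature-based NIDPS check: any known pattern in the payload."""
        return any(sig in pkt.payload for sig in self.rules)

    def honeypot_signature(self, pkt):
        """Honeypot stage (assumed logic): return an extracted signature or None."""
        for marker in SUSPICIOUS_MARKERS:
            idx = pkt.payload.find(marker)
            if idx >= 0:
                return pkt.payload[idx:idx + 8]   # marker plus a little context
        return None

    def receive(self, pkt):
        if self.nidps_matches(pkt):               # known attack: drop at NIDPS
            self.dropped.append(pkt)
            return
        self.queue.append(pkt)                    # hold while the honeypot looks
        sig = self.honeypot_signature(pkt)
        if sig:                                   # new signature -> rule update
            self.rules.add(sig)
            self.flush_queue()                    # re-check everything held

    def flush_queue(self):
        """Send held packets back through the NIDPS with the updated rule set."""
        while self.queue:
            pkt = self.queue.popleft()
            (self.dropped if self.nidps_matches(pkt) else self.delivered).append(pkt)

    def run(self, packets):
        for pkt in packets:
            self.receive(pkt)
        self.flush_queue()
        return [p.payload for p in self.delivered], [p.payload for p in self.dropped]
```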

Citation Key: jeong_hybrid_2020