
Zero day Attacks Defense Technique for Protecting System against Unknown Vulnerabilities

Umesh Kumar Singh, Chanchala Joshi, Suyash Kumar Singh

Section: Review Paper, Product Type: Isroset-Journal
Vol.5, Issue.1, pp.13-18, Feb-2017


Published online on Feb 28, 2017


Copyright © Umesh Kumar Singh, Chanchala Joshi, Suyash Kumar Singh. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
 


How to Cite this Paper


IEEE Style Citation: Umesh Kumar Singh, Chanchala Joshi, Suyash Kumar Singh, “Zero day Attacks Defense Technique for Protecting System against Unknown Vulnerabilities,” International Journal of Scientific Research in Computer Science and Engineering, Vol.5, Issue.1, pp.13-18, 2017.

MLA Style Citation: Umesh Kumar Singh, Chanchala Joshi, Suyash Kumar Singh "Zero day Attacks Defense Technique for Protecting System against Unknown Vulnerabilities." International Journal of Scientific Research in Computer Science and Engineering 5.1 (2017): 13-18.

APA Style Citation: Umesh Kumar Singh, Chanchala Joshi, Suyash Kumar Singh, (2017). Zero day Attacks Defense Technique for Protecting System against Unknown Vulnerabilities. International Journal of Scientific Research in Computer Science and Engineering, 5(1), 13-18.

BibTex Style Citation:
@article{Singh_2017,
author = {Umesh Kumar Singh and Chanchala Joshi and Suyash Kumar Singh},
title = {Zero day Attacks Defense Technique for Protecting System against Unknown Vulnerabilities},
journal = {International Journal of Scientific Research in Computer Science and Engineering},
issue_date = {2 2017},
volume = {5},
Issue = {1},
month = {2},
year = {2017},
issn = {2347-2693},
pages = {13-18},
url = {https://www.isroset.org/journal/IJSRCSE/full_paper_view.php?paper_id=309},
publisher = {IJCSE, Indore, INDIA},
}

RIS Style Citation:
TY - JOUR
UR - https://www.isroset.org/journal/IJSRCSE/full_paper_view.php?paper_id=309
TI - Zero day Attacks Defense Technique for Protecting System against Unknown Vulnerabilities
T2 - International Journal of Scientific Research in Computer Science and Engineering
AU - Umesh Kumar Singh, Chanchala Joshi, Suyash Kumar Singh
PY - 2017
DA - 2017/02/28
PB - IJCSE, Indore, INDIA
SP - 13-18
IS - 1
VL - 5
SN - 2347-2693
ER -


Abstract:
Every organization connected to the internet faces the common threat of zero-day attacks. Zero-day exploits go unnoticed until the specific vulnerability is actually identified and reported. Zero-day attacks are difficult to defend against because they are mostly detected only after they have completed their course of action. Protecting networks, applications and systems from zero-day attacks is a daunting task for an organization's security personnel. This paper analyzes the research efforts related to the detection of zero-day attacks. The fundamental limitations of existing approaches are the signature generation of unknown activities and the false alarm rate for anomalous behavior. To overcome these issues, this paper proposes a new approach for zero-day attack analysis and detection, which senses the organization's network and monitors the behavioral activity of zero-day exploits at every stage of their life cycle. The proposed approach provides a machine learning based framework that senses network traffic and detects anomalous network behavior in order to identify the presence of a zero-day exploit. The proposed framework uses supervised classification schemes for assessment of known classes together with the adaptability of unsupervised classification in order to detect the new dimension of classification.

Key-Words / Index Terms:
zero day attacks, unknown vulnerabilities, detection system, malware analysis, network security

