Article

Shellcode Detection in IPv6 Networks with HoneydV6

Authors:

Sven Schindler,

Oliver Eggert,

Bettina Schnor,

Thomas SchefflerAuthors Info & Claims

ICETE 2014: Proceedings of the 11th International Joint Conference on e-Business and Telecommunications - Volume 4

Pages 198 - 205

https://doi.org/10.5220/0005016801980205

Published: 28 August 2014 Publication History

Abstract

More and more networks and services are reachable via IPv6 and the interest for security monitoring of these IPv6 networks is increasing. Honeypots are valuable tools to monitor and analyse network attacks. HoneydV6 is a low-interaction honeypot which is well suited to deal with the large IPv6 address space, since it is capable of simulating a large number of virtual hosts on a single machine. This paper presents an extension for HoneydV6 which allows the detection, extraction and analyses of shellcode contained in IPv6 network attacks. The shellcode detection is based on the open source library libemu and combined with the online malware analysis tool Anubis. We compared the shellcode detection rate of HoneydV6 and Dionaea. While HoneydV6 is able to detect about 25 % of the malicious samples, the Dionaea honeypot detects only about 6 %.

Index Terms

Shellcode Detection in IPv6 Networks with HoneydV6
1. Security and privacy

Recommendations

A new worm exploiting IPv4-IPv6 dual-stack networks
WORM '07: Proceedings of the 2007 ACM workshop on Recurring malcode

It is commonly believed that the IPv6 protocol can provide good protection against network worms due to its huge address space. However, it is proved to be incorrect by our study on the new "dual-stack worm" which can spread in IPv4-IPv6 dual-stack ...
Classification of Botnet Detection Based on Botnet Architechture
CSNT '12: Proceedings of the 2012 International Conference on Communication Systems and Network Technologies

Nowadays, Botnets pose a major threat to the security of online ecosystems and computing assets. A Botnet is a network of computers which are compromised under the influence of Bot (malware) code. This paper clarifies Botnet phenomenon and discusses ...
An Adaptive Honeypot System to Capture IPv6 Address Scans
CYBERSECURITY '12: Proceedings of the 2012 International Conference on Cyber Security

The vastness of IPv6 address space and rapid spread of its deployment attract us to usage of IPv6 network. Various types of devices, including embedded systems, are ready to use IPv6 addresses and some of them have already been connected directly to the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ICETE 2014: Proceedings of the 11th International Joint Conference on e-Business and Telecommunications - Volume 4

August 2014

509 pages

ISBN:9789897580451

Editors:
Mohammad Obaidat
Fordham University
,
Andreas Holzinger
Medical University Graz
,
Pierangela Samarati
Università degli Studi di Milano

Publisher

SCITEPRESS - Science and Technology Publications, Lda

Setubal, Portugal

Publication History

Published: 28 August 2014

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 24 Nov 2024

Other Metrics

View Author Metrics

Citations

View Options

View options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Index Terms

Recommendations

A new worm exploiting IPv4-IPv6 dual-stack networks

Classification of Botnet Detection Based on Botnet Architechture

An Adaptive Honeypot System to Capture IPv6 Address Scans

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

View options

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations