Detection and Prevention of New and Unknown Malware using Honeypots
Shishir Kumar, Durgesh Pant

TL;DR
This paper proposes a novel honeypot-based system to detect, analyze, and rapidly broadcast cures for new and unknown malware, enhancing network security by enabling quick response to emerging threats.
Contribution
It introduces a system that uses honeypots to generate and broadcast real-time anti-malware signatures for unknown threats, improving upon traditional detection methods.
Findings
Honeypots can be used to generate instant malware cures.
The system can provide early protection against new malware.
Rapid dissemination of cures can limit malware spread.
Abstract
Security has become ubiquitous in every domain today as newly emerging malware poses an ever-increasing, perilous threat to systems. Consequently, honeypots are fast emerging as an indispensable forensic tool for the analysis of malicious network traffic. Honeypots can be considered to be traps for hackers and intruders and are generally deployed complementary to Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) in a network. They help system administrators perform a rigorous analysis of external and internal attacks on their networks. They are also used by security firms and research labs to capture the latest variants of malware. However, honeypots would serve a slightly different purpose in our proposed system. We intend to use honeypots for generating and broadcasting instant cures for new and unknown malware in a network. The cures which will be in the form of…
Taxonomy
Topics: Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting · Advanced Malware Detection Techniques
