Mitigating Threats in a Corporate Network with a Taintcheck-Enabled Honeypot

Conventional network security tools such as Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), anti-virus, antispyware and anti-malware integrated with firewalls generate a lot of false positives that make computer network system administration cumbersome. This paper proposes a novel mechanism comprising of taintcheck for dynamic analysis of buffer overflow attack using synthetic exploit and hybrid honeypot for scanning, detecting, identifying attackers and signature generation. In this framework, Noah's attack detection is used as a template. Upon testing, the practicality of the proposed framework was found to be more effective than other conventional network security tools as it effectively and comprehensively mitigates against threats and reported zero-day attacks with fewer false positives.