Christian Seifert
Ian Welch
ABSTRACT
We present the design and analysis of a new algorithm for high interaction client honeypots for finding malicious servers on a network. The algorithm uses the divide-and-conquer paradigm and results in a considerable performance gain over the existing sequential algorithm. The performance gain not only allows the client honeypot to inspect more servers with a given set of identical resources, but it also allows researchers to increase the classification delay to investigate false negatives incurred by the use of artificial time delays in current solutions.
- Aladdin eSafe CSRT 2005 Malicious Code Report: The big Threats Shift, 2006.Google Scholar
- L. A. Gordon, M. P. Leob, W. Lucyshyn, and R. Richardson. CSI/FBI Computer Crime and Security Survey, 2006.Google Scholar
- A. Moshchuk, T. Bragin, S. D. Gribble, and H. M. Levy. A Crawler-based Study of Spyware on the Web. In 13th Annual Network and Distributed System Security Symposium, San Diego, 2006. The Internet Society.Google Scholar
- C. Seifert, R. Steenson, T. Holz, Y. Bing, and M. A. Davis. Know your enemy: Malicious web servers, 2007.Google Scholar
- C. Seifert, I. Welch, and P. Komisarczuk. HoneyC - The Low-Interaction Client Honeypot. In NZCSRCS, Hamilton, 2007.Google Scholar
- R. Steenson and C. Seifert. Capture - Honeypot Client, 2006. Available from http://www.nz-honeynet.org/capture.html; accessed on 22 February 2007.Google Scholar
- K. Wang. HoneyClient, 2005. Available from http://www.honeyclient.org/trac; accessed on 2 Janurary 2007.Google Scholar
- Y.-M. Wang. Personal Communication, 2006.Google Scholar
- Y.-M. Wang, D. Beck, X. Jiang, R. Roussev, C. Verbowski, S. Chen, and S. King. Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities. In 13th Annual Network and Distributed System Security Symposium, San Diego, 2006. Internet Society.Google Scholar
- C. Willems, T. Holz, and F. Freiling. Toward Automated Dynamic Malware Analysis Using CWSandbox. IEEE Security and Privacy, 5(2):32--39, 2007. Google ScholarDigital Library
- T. Yu, F. Gua, S. Nanda, L.-c. Lam, and T.-c. Chiueh. A Feather-weight Virtual Machine for Windows Applications. In Second International Conference on Virtual Execution Environments, pages 24--34, Ottawa, 2006. ACM. Google ScholarDigital Library
- B. Yuan. Client-side honeypots. Master's thesis, University of Mannheim, 2007.Google Scholar
Index Terms
- Application of divide-and-conquer algorithm paradigm to improve the detection speed of high interaction client honeypots
Recommendations
An efficient visitation algorithm to improve the detection speed of high-interaction client honeypots
RACS '11: Proceedings of the 2011 ACM Symposium on Research in Applied ComputationDrive-by-download attacks are client-side attacks that originate from web servers that are visited by web browsers. While many web browsers are vulnerable to the drive-by-download attacks, the cost of detecting malicious web pages that launch drive-by-...
Collecting Autonomous Spreading Malware Using High-Interaction Honeypots
Information and Communications SecurityAbstractAutonomous spreading malware in the form of worms or bots has become a severe threat in today’s Internet. Collecting the sample as early as possible is a necessary precondition for the further treatment of the spreading malware, e.g., to develop ...
Scalable and Performance-Efficient Client Honeypot on High Interaction System
SAINT '12: Proceedings of the 2012 IEEE/IPSJ 12th International Symposium on Applications and the InternetWe investigated client honeypots for detecting and circumstantially analyzing drive-by download attacks. A client honeypot requires both improved inspection performance and in-depth analysis for inspecting and discovering malicious websites. However, OS ...
Comments