Monkey-Spider: Detecting Malicious Websites with Low-Interaction Honeyclients
نویسندگان
چکیده
Client-side attacks are on the rise: malicious websites that exploit vulnerabilities in the visitor’s browser are posing a serious threat to client security, compromising innocent users who visit these sites without having a patched web browser. Currently, there is neither a freely available comprehensive database of threats on the Web nor sufficient freely available tools to build such a database. In this work, we introduce the Monkey-Spider project [Mon]. Utilizing it as a client honeypot, we portray the challenge in such an approach and evaluate our system as a high-speed, Internetscale analysis tool to build a database of threats found in the wild. Furthermore, we evaluate the system by analyzing different crawls performed during a period of three months and present the lessons learned.
منابع مشابه
Detecting Malicious Web Servers with Honeyclients
Using malicious sites to launch attacks against client user applications is a growing threat in recent years. This led to emergence of new technologies to counter and detect attacks against end user. One of these technologies is honeyclient (aka client honeypot). Honeyclients crawl the Internet to find and identify web servers that exploit clientside vulnerabilities. In this paper, we address h...
متن کاملYALIH, Yet Another Low Interaction Honeyclient
Low-interaction honeyclients employ static detection techniques such as signatures, heuristic or anomaly detection in the identification of malicious websites. They are associated with low detection rate and failure to identify zero-day and obfuscated attacks. This paper presents a low-interaction client honeypot that employs multiple signature detection engines in combination with de-obfuscati...
متن کاملEscape from Monkey Island: Evading High-Interaction Honeyclients
High-interaction honeyclients are the tools of choice to detect malicious web pages that launch drive-by-download attacks. Unfortunately, the approach used by these tools, which, in most cases, is to identify the side-effects of a successful attack rather than the attack itself, leaves open the possibility for malicious pages to perform evasion techniques that allow one to execute an attack wit...
متن کاملInteractive Website Filter for Safe Web Browsing
Though popularly used for safe web browsing, blacklist-based filters have fundamental limitation in the “window of vulnerability”, the time between malicious website launch and blacklist update. An effective way of seamless protection is to use an add-on filter based on heuristics, but most of prior heuristics have offered the limited scope of protection against new attacks. Moreover, they have...
متن کاملThrowing a MonkeyWrench into Web Attackers Plans
Client-based attacks on internet users with malicious web pages represent a serious and rising threat. Internet Browsers with enabled active content technologies such as JavaScript are vulnerable to so-called drive-by downloads. Drive-by downloads are able to automatically infect a victim's system during a single visit of a crafted web page testing various vulnerabilities and installing e.g. ma...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2008