
Execution-based System and Its Performance Analysis for Detecting Malicious Web Pages using High Interaction Client Honeypot  

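Kim, Min-Jae (Dankook University, Department of Computer Science, Computer Science)
Chang, Hye-Young (Dankook University, Department of Information and Computer Science, Computer Science)
Cho, Seong-Je (Dankook University, College of Engineering, School of Computer Science)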
Abstract
Client-side attacks, including drive-by downloads, target vulnerabilities in client applications that interact with a malicious server or process malicious data. A typical client-side attack is web-based: a malicious web page exploits a specific browser vulnerability to execute malware on the client system (PC) or to give the malicious server complete control of it. To defend against these attacks, this paper constructs a high-interaction client honeypot system using Capture-HPC, which adopts execution-based detection in a virtual machine. We have detected and classified malicious web pages using the system. We have also analyzed the system's performance in terms of the number of virtual machine images and the number of browsers executed simultaneously in each virtual machine. Experimental results show that the system with one virtual machine image obtains better performance, with less reverting overhead. The system also shows good performance when the number of browsers executed simultaneously in a virtual machine is 50.
Keywords
Drive-by download; High interaction client honeypot; Virtual machine; Execution-based detection; Performance analysis