• Title/Summary/Keyword: 고 상호작용 클라이언트 허니팟

Search Result 1, Processing Time 0.015 seconds

Execution-based System and Its Performance Analysis for Detecting Malicious Web Pages using High Interaction Client Honeypot (고 상호작용 클라이언트 허니팟을 이용한 실행 기반의 악성 웹 페이지 탐지 시스템 및 성능 분석)

  • Kim, Min-Jae;Chang, Hye-Young;Cho, Seong-Je
    • Journal of KIISE:Computing Practices and Letters
    • /
    • v.15 no.12
    • /
    • pp.1003-1007
    • /
    • 2009
  • Client-side attacks including drive-by download target vulnerabilities in client applications that interact with a malicious server or process malicious data. A typical client-side attack is web-based one related to a malicious web page exploiting specific browser vulnerability that can execute mal ware on the client system (PC) or give complete control of it to the malicious server. To defend those attacks, this paper has constructed high interaction client honeypot system using Capture-HPC that adopts execution-based detection in virtual machine. We have detected and classified malicious web pages using the system. We have also analyzed the system's performance in terms of the number of virtual machine images and the number of browsers executed simultaneously in each virtual machine. Experimental results show that the system with one virtual machine image obtains better performance with less reverting overhead. The system also shows good performance when the number of browsers executed simultaneously in a virtual machine is 50.