Abstract | ||
---|---|---|
Drive-by-download attacks are client-side attacks that originate from the web servers that clients visit. High-interaction client honeypots, which identify malicious web pages by visiting them directly, are very useful. However, they still have shortcomings that must be addressed: long inspection time and the possibility of not detecting certain attacks such as time bombs. To address these problems, we propose a new detection method to identify web pages with time bombs. The proposed method introduces a pattern-based static analysis for detecting time bombs efficiently. A high-interaction client honeypot performs the static analysis before carrying out execution-based dynamic analysis. The static analysis classifies sample web pages into two groups: the first is assumed to contain time bombs and the second is assumed not to. We then perform dynamic analysis on the first group using a sequential visitation algorithm with a long classification delay, and on the second group using a divide-and-conquer visitation algorithm with a short classification delay. Experimental results demonstrate that our method is more accurate and costs less than conventional methods. |
Year | DOI | Venue |
---|---|---|
2012 | 10.6688/JISE.2012.28.5.6 | JOURNAL OF INFORMATION SCIENCE AND ENGINEERING |
Keywords | Field | DocType |
---|---|---|
high-interaction client honeypot, malicious web page, visitation algorithm, logarithmic divide-and-conquer (LDAC) algorithm, detection method, time bombs, static analysis | Honeypot, Inspection time, Web page, Computer science, Static analysis, Computer network, Web server | Journal |
Volume | Issue | ISSN |
---|---|---|
28 | 5 | 1016-2364 |
Citations | PageRank | References |
---|---|---|
0 | 0.34 | 0 |
Authors | ||
5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Hong-Geun Kim | 1 | 11 | 3.70 |
Dongjin Kim | 2 | 13 | 3.31 |
Seong-Je Cho | 3 | 124 | 27.85 |
Moonju Park | 4 | 34 | 10.26 |
Minkyu Park | 5 | 97 | 25.21 |