Title
Efficient Detection of Malicious Web Pages Using High-Interaction Client Honeypots.
Abstract
Drive-by-download attacks are client-side attacks that originate from web servers that clients visit. High-interaction client honeypots identify malicious web pages by directly visiting the web pages and are very useful. However, they still have shortcomings that must be addressed: long inspection time and the possibility of not detecting certain attacks such as time bombs. To address these problems, we propose a new detection method to identify web pages with time bombs. The proposed method introduces a pattern-based static analysis for detecting time bombs efficiently. A high-interaction client honeypot performs the static analysis before carrying out execution-based dynamic analysis. The static analysis classifies sample web pages into two groups: the first assumed to contain time bombs and the second assumed to contain none. We then perform dynamic analysis on the first group using a sequential visitation algorithm with a long classification delay, and on the second group using a divide-and-conquer visitation algorithm with a short classification delay. Experimental results demonstrate that our method is more accurate and costs less than conventional methods.
Year
2012
DOI
10.6688/JISE.2012.28.5.6
Venue
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING
Keywords
high-interaction client honeypot, malicious web page, visitation algorithm, logarithmic divide-and-conquer (LDAC) algorithm, detection method, time bombs, static analysis
Field
Honeypot, Inspection time, Web page, Computer science, Static analysis, Computer network, Web server
DocType
Journal
Volume
28
Issue
5
ISSN
1016-2364
Citations
0
PageRank
0.34
References
0
Authors
5
Name
Order
Citations
PageRank
Hong-Geun Kim1113.70
Dongjin Kim2133.31
Seong-Je Cho312427.85
Moonju Park43410.26
Minkyu Park59725.21