Title
Collecting autonomous spreading malware using high-interaction honeypots
Abstract
Autonomous spreading malware in the form of worms or bots has become a severe threat in today's Internet. Collecting the sample as early as possible is a necessary precondition for the further treatment of the spreading malware, e.g., to develop antivirus signatures. In this paper, we present an integrated toolkit called HoneyBow, which is able to collect autonomous spreading malware in an automated manner using high-interaction honeypots. Compared to low-interaction honeypots, HoneyBow has several advantages due to a wider range of captured samples and the capability of collecting malware which propagates by exploiting new vulnerabilities. We validate the properties of HoneyBow with experimental data collected during a period of about nine months, in which we collected thousands of malware binaries. Furthermore, we demonstrate the capability of collecting new malware via a case study of a certain bot.
Year
2007
Venue
ICICS
Keywords
automated manner,new malware,high-interaction honeypots,certain bot,malware binary,antivirus signature,experimental data,case study,integrated toolkit,new vulnerability,malware,intrusion detection systems,honeypots,intrusion detection system
Field
Honeypot,Computer security,Computer science,Computer network,Malware,Intrusion detection system,The Internet
DocType
Conference
Volume
4681
ISSN
0302-9743
ISBN
3-540-77047-X
Citations
16
PageRank
1.84
References
8
Authors
5
Name
Order
Citations
PageRank
Jianwei Zhuge115513.86
Thorsten Holz23532232.93
Xinhui Han319511.44
Chengyu Song441230.15
Wei Zou563734.40