Abstract |
---|
Many malicious activities on the Web today make use of compromised Web servers, because these servers often have high pageranks and provide free resources. Attackers are therefore constantly searching for vulnerable servers. In this work, we aim to understand how attackers find, compromise, and misuse vulnerable servers. Specifically, we present heat-seeking honeypots that actively attract attackers, dynamically generate and deploy honeypot pages, then analyze logs to identify attack patterns. Over a period of three months, our deployed honeypots, despite their obscure location on a university network, attracted more than 44,000 attacker visits from close to 6,000 distinct IP addresses. By analyzing these visits, we characterize attacker behavior and develop simple techniques to identify attack traffic. Applying these techniques to more than 100 regular Web servers as an example, we identified malicious queries in almost all of their logs. |

Year | DOI | Venue |
---|---|---|
2011 | 10.1145/1963405.1963437 | WWW |

Keywords | Field | DocType |
---|---|---|
attack pattern, attacker behavior, misuse vulnerable server, heat-seeking honeypots, regular web server, web security, malicious query, honeypots, attacker visit, web server, vulnerable server, malicious activity, attack traffic | Honeypot, Internet security, World Wide Web, Attack patterns, Computer science, Computer security, Server, Compromise, Web server | Conference |

Citations | PageRank | References |
---|---|---|
14 | 0.95 | 9 |

Authors |
---|
5 |

Name | Order | Citations | PageRank |
---|---|---|---|
John P. John | 1 | 500 | 28.15 |
Fang Yu | 2 | 733 | 42.23 |
Yinglian Xie | 3 | 1140 | 76.73 |
Arvind Krishnamurthy | 4 | 4540 | 312.24 |
Martín Abadi | 5 | 12074 | 1324.31 |