Title
YALIH, yet another low interaction honeyclient
Abstract
Low-interaction honeyclients employ static detection techniques such as signatures, heuristics, or anomaly detection to identify malicious websites. They are associated with a low detection rate and a failure to identify zero-day and obfuscated attacks. This paper presents a low-interaction client honeypot that employs multiple signature detection engines in combination with de-obfuscation and de-minification of JavaScript code to improve the detection of attack signatures. Pattern matching with regular expressions, used to identify the static characteristics of malicious code, provides an additional layer of detection. YALIH can achieve low false positive and false negative rates while significantly reducing scanning time and required hardware resources compared to a high-interaction client honeypot. YALIH's virtual browser can handle cookies and redirection, mimic popular browser headers, and imitate referrer information. Our experiments with real-world malicious websites demonstrate that, similar to Web Spam, malicious websites utilize referrer tracking and cloaking techniques to deliver malicious content to selected users visiting the target domain from specific referrer websites.
Year
2014
Venue
AISC
Keywords
client honeypot, design, experimentation, malicious website, measurement, network monitoring, pattern matching, performance, regular expression, security, security and protection, signature detection
Field
Honeypot, Anomaly detection, Cloaking, Regular expression, Computer security, Computer science, Computer network, Obfuscation, Pattern matching, Spamdexing, JavaScript
DocType
Conference
Citations
4
PageRank
0.40
References
12
Authors
3
Name | Order | Citations | PageRank
Masood Mansoori | 1 | 13 | 3.78
Ian S. Welch | 2 | 120 | 18.53
Qiang Fu | 3 | 6 | 1.44