Detecting malicious web servers with honeyclients

Mahmoud T. Qassrawi; Hongli Zhang

doi:10.4304/jnw.6.1

Detecting malicious web servers with honeyclients

Mahmoud T. Qassrawi
, Hongli Zhang

School of Computer Science and Technology, Harbin Institute of Technology

Research output: Contribution to journal › Article › peer-review

11 Scopus citations

Abstract

Using malicious sites to launch attacks against client user applications is a growing threat in recent years. This led to emergence of new technologies to counter and detect attacks against end user. One of these technologies is honeyclient (aka client honeypot). Honeyclients crawl the Internet to find and identify web servers that exploit clientside vulnerabilities. In this paper, we address honeyclients by studying and analyzing low-interaction and highinteraction honeyclients. We introduce a comparison attributes to evaluate honeyclients by comparing between the two types. Moreover, we present techniques can be used by malicious websites to evade and fingerprint honeyclients, and we make recommendations to overcome these evasion techniques. By analyzing characteristics of honeyclients, we introduce factors to define and measure honeyclients effectiveness.

Original language	English
Pages (from-to)	145-152
Number of pages	8
Journal	Journal of Networks
Volume	6
Issue number	1
DOIs	https://doi.org/10.4304/jnw.6.1
State	Published - 2011
Externally published	Yes

Keywords

0-day Attack
Client-side attacks
Crawler
Honeyclient
Malicious website

Access to Document

10.4304/jnw.6.1

Cite this

@article{65416e5de23048e1bf7657a92c0cf80f,

title = "Detecting malicious web servers with honeyclients",

abstract = "Using malicious sites to launch attacks against client user applications is a growing threat in recent years. This led to emergence of new technologies to counter and detect attacks against end user. One of these technologies is honeyclient (aka client honeypot). Honeyclients crawl the Internet to find and identify web servers that exploit clientside vulnerabilities. In this paper, we address honeyclients by studying and analyzing low-interaction and highinteraction honeyclients. We introduce a comparison attributes to evaluate honeyclients by comparing between the two types. Moreover, we present techniques can be used by malicious websites to evade and fingerprint honeyclients, and we make recommendations to overcome these evasion techniques. By analyzing characteristics of honeyclients, we introduce factors to define and measure honeyclients effectiveness.",

keywords = "0-day Attack, Client-side attacks, Crawler, Honeyclient, Malicious website",

author = "Qassrawi, \{Mahmoud T.\} and Hongli Zhang",

year = "2011",

doi = "10.4304/jnw.6.1",

language = "英语",

volume = "6",

pages = "145--152",

journal = "Journal of Networks",

issn = "1796-2056",

publisher = "Academy Publisher",

number = "1",

}

TY - JOUR

T1 - Detecting malicious web servers with honeyclients

AU - Qassrawi, Mahmoud T.

AU - Zhang, Hongli

PY - 2011

Y1 - 2011

N2 - Using malicious sites to launch attacks against client user applications is a growing threat in recent years. This led to emergence of new technologies to counter and detect attacks against end user. One of these technologies is honeyclient (aka client honeypot). Honeyclients crawl the Internet to find and identify web servers that exploit clientside vulnerabilities. In this paper, we address honeyclients by studying and analyzing low-interaction and highinteraction honeyclients. We introduce a comparison attributes to evaluate honeyclients by comparing between the two types. Moreover, we present techniques can be used by malicious websites to evade and fingerprint honeyclients, and we make recommendations to overcome these evasion techniques. By analyzing characteristics of honeyclients, we introduce factors to define and measure honeyclients effectiveness.

AB - Using malicious sites to launch attacks against client user applications is a growing threat in recent years. This led to emergence of new technologies to counter and detect attacks against end user. One of these technologies is honeyclient (aka client honeypot). Honeyclients crawl the Internet to find and identify web servers that exploit clientside vulnerabilities. In this paper, we address honeyclients by studying and analyzing low-interaction and highinteraction honeyclients. We introduce a comparison attributes to evaluate honeyclients by comparing between the two types. Moreover, we present techniques can be used by malicious websites to evade and fingerprint honeyclients, and we make recommendations to overcome these evasion techniques. By analyzing characteristics of honeyclients, we introduce factors to define and measure honeyclients effectiveness.

KW - 0-day Attack

KW - Client-side attacks

KW - Crawler

KW - Honeyclient

KW - Malicious website

UR - https://www.scopus.com/pages/publications/79551627398

U2 - 10.4304/jnw.6.1

DO - 10.4304/jnw.6.1

M3 - 文章

AN - SCOPUS:79551627398

SN - 1796-2056

VL - 6

SP - 145

EP - 152

JO - Journal of Networks

JF - Journal of Networks

IS - 1

ER -

Detecting malicious web servers with honeyclients

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this