Title :
Predicting client-side attacks via behaviour analysis using honeypot data
Author :
Alosefer, Yaser ; Rana, Omer F.
Author_Institution :
Sch. of Comput. Sci. & Inf., Cardiff Univ., Cardiff, UK
Abstract :
In recent years, attackers have started to use web pages to deliver their malicious code to users. Web-based malware overcomes signature-based detection by modification of the code or using zero-day exploits. We propose a malicious activity detection method using Hidden Markov Models (HMM) alongside a client honeypot system. Our algorithm is able to detect the potential malicious behaviour of a web server based on current and past interactions between the web client and the server and can also predict possible future behaviours. The prediction algorithm learns from previously scanned behaviours recorded by a client honeypot system. We group such behaviours in order to enable common characteristics to be investigated across these groups.
Keywords :
Internet; client-server systems; computer network security; hidden Markov models; invasive software; HMM; Honeypot data; Web client; Web pages; Web server; Web-based malware; behaviour analysis; client honeypot system; client-server system; client-side attack prediction; hidden Markov model; malicious activity detection method; malicious code delivery; signature-based detection; zero-day exploits; Clustering algorithms; Hidden Markov models; Malware; Prediction algorithms; Predictive models; Servers; Web pages; HMM; client honeypot; malicious web page prediction; web-based malware;
Conference_Titel :
Next Generation Web Services Practices (NWeSP), 2011 7th International Conference on
Conference_Location :
Salamanca
Print_ISBN :
978-1-4577-1125-1
DOI :
10.1109/NWeSP.2011.6088149
