Client honeypots: Approaches and challenges

Author

Qassrawi, Mahmoud T. ; Zhang, HongLi

Author_Institution

Sch. of Comput. Sci. & Technol., Harbin Inst. of Technol., Harbin, China

fYear

2010

fDate

11-13 May 2010

Firstpage

19

Lastpage

25

Abstract

In recent years, client user has become the main target for attacks, as the adversary believe that the end user is the weakest link in the security chain. Traditional honeypots and security tools are not effective against these new attacks. Therefore, client honeypot has appeared as new technology to supplement the existing protection tools. Client honeypot is a honeypot actively searches for malicious sites on the web. In this paper, we will show and analyze the main approaches used by client honeypots to detect client-side attacks. We will also address how attacker can evade and hide from client honeypots. Moreover, we discuss and analyze various issues relates to client honeypot: detection problems, invisibility of honeypots, and integrity issues. By analyzing characteristics of client honeypots, we will introduce factors to define and measure client honeypots effectiveness.

Keywords

Internet; invasive software; Web; client honeypots; client-side attacks; malicious sites; malware; protection tools; security chain; Computer crime; Computer science; Control systems; Electronic mail; Face detection; Intrusion detection; Protection; Streaming media; Target tracking; Web pages; 0day Attacks; Client Honeypots; Client-Side Attacks; False Negative; False Positve; Honeypots; Malwar; Obfuscation;

fLanguage

English

Publisher

ieee

Conference_Titel

New Trends in Information Science and Service Science (NISS), 2010 4th International Conference on

Conference_Location

Gyeongju

Print_ISBN

978-1-4244-6982-6

Electronic_ISBN

978-89-88678-17-6

Type

conf

Filename

5488508