Escape From Monkey Island: Evading High-Interaction Honeyclients
DIMVA'11: Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment (2011)
Abstract
High-interaction honeyclients are the tools of choice to detect malicious web pages that launch drive-by-download attacks. Unfortunately, the approach used by these tools, which, in most cases, is to identify the side-effects of a successful attack rather than the attack itself, leaves open the possibility for malicious pages to perform evasion techniques that allow one to execute an attack without detection or to behave in a benign way when being analyzed. In this paper, we examine the security model that high-interaction honeyclients use and evaluate their weaknesses in practice. We introduce and discuss a number of possible attacks, and we test them against several popular, well-known high-interaction honeyclients. Our attacks evade the detection of these tools, while successfully attacking regular visitors of malicious web pages.
Keywords
malicious web page, High-interaction honeyclients, high-interaction honeyclients use, launch drive-by-download attack, malicious page, possible attack, successful attack, well-known high-interaction honeyclients, evasion technique, regular visitor, monkey island