True Positive Cost Curve: A Cost-Based Evaluation Method for High-Interaction Client Honeypots

  • Authors: Christian Seifert; Peter Komisarczuk; Ian Welch

  • Venue: SECURWARE '09 Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and Technologies
  • Year: 2009

Abstract

Client honeypots are security devices designed to find servers that attack clients. High-interaction client honeypots (HICHPs) classify potentially malicious web pages by driving a dedicated vulnerable web browser to retrieve and classify these pages. Considering the size of the Internet, the ability to identify many malicious web pages is crucial. HICHPs, however, present challenges: they are slow and tend to miss attacks. For researchers to address these shortcomings, they need methods for evaluating HICHPs. This paper (1) presents an evaluation method called the True Positive Cost Curve (TPCC), which not only makes it possible to evaluate and compare HICHPs in an operating environment, but also allows an operator to tune HICHPs within a specific operating environment; (2) presents improvements on the way HICHPs visit web pages and evaluates them with the TPCC method; and (3) discusses the impact of time bombs on the performance of HICHPs in an operating environment and the ability to tune an HICHP for optimal performance with the help of the TPCC.