Use of Deception to Improve Client Honeypot Detection of Drive-by-Download Attacks

Authors:
Barbara Endicott-Popovsky;Julia Narvaez;Christian Seifert;Deborah A. Frincke;Lori Ross O'Neil;Chiraag Aval
Affiliations:
University of Washington, Washington, USA 98105;University of Washington, Washington, USA 98105;Victoria University of Wellington School of Engineering and Computer Science, Victoria University, Wellington, New Zealand 6140;Pacific Northwest National Laboratory, Richland, USA;Pacific Northwest National Laboratory, Richland, USA;University of Washington, Washington, USA 98105
Venue:
FAC '09 Proceedings of the 5th International Conference on Foundations of Augmented Cognition. Neuroergonomics and Operational Neuroscience: Held as Part of HCI International 2009
Year:
2009

Citing 10
Cited 1

Honeypots: Tracking Hackers

Honeypots: Tracking Hackers
Discovery of Web Robot Sessions Based on their Navigational Patterns

Data Mining and Knowledge Discovery
Honeypots: Catching the Insider Threat

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Roaming Honeypots for Mitigating Service-Level Denial-of-Service Attacks

ICDCS '04 Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04)
Measuring the Effectiveness of Honeypot Counter-Counterdeception

HICSS '06 Proceedings of the 39th Annual Hawaii International Conference on System Sciences - Volume 06
Hiding Virtualization from Attackers and Malware

IEEE Security and Privacy
Migrating a HoneyDepot to Hardware

SECUREWARE '07 Proceedings of the The International Conference on Emerging Security Information, Systems, and Technologies
Compatibility is not transparency: VMM detection myths and realities

HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
Gray Hat Hacking, Second Edition

Gray Hat Hacking, Second Edition
Virtual honeypots: from botnet tracking to intrusion detection

Virtual honeypots: from botnet tracking to intrusion detection

An efficient visitation algorithm to improve the detection speed of high-interaction client honeypots

Proceedings of the 2011 ACM Symposium on Research in Applied Computation

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents the application of deception theory to improve the success of client honeypots at detecting malicious web page attacks from infected servers programmed by online criminals to launch drive-by-download attacks. The design of honeypots faces three main challenges: deception, how to design honeypots that seem real systems; counter-deception, techniques used to identify honeypots and hence defeating their deceiving nature; and counter counter-deception, how to design honeypots that deceive attackers. The authors propose the application of a deception model known as the deception planning loop to identify the current status on honeypot research, development and deployment. The analysis leads to a proposal to formulate a landscape of the honeypot research and planning of steps ahead.