Collecting autonomous spreading malware using high-interaction honeypots

Authors:
Jianwei Zhuge;Thorsten Holz;Xinhui Han;Chengyu Song;Wei Zou
Affiliations:
Institute of Computer Science and Technology, Peking University, China;Laboratory for Dependable Distributed Systems, University of Mannheim, Germany;Institute of Computer Science and Technology, Peking University, China;Institute of Computer Science and Technology, Peking University, China;Institute of Computer Science and Technology, Peking University, China
Venue:
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Year:
2007

Citing 7
Cited 3

Inside the Slammer Worm

IEEE Security and Privacy
Scalability, fidelity, and containment in the potemkin virtual honeyfarm

Proceedings of the twentieth ACM symposium on Operating systems principles
A multifaceted approach to understanding the botnet phenomenon

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation

Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
A virtual honeypot framework

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Virtual honeypots: from botnet tracking to intrusion detection

Virtual honeypots: from botnet tracking to intrusion detection
The nepenthes platform: an efficient approach to collect malware

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

WebPatrol: automated collection and replay of web-based malware scenarios

Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Set-up and deployment of a high-interaction honeypot: experiment and lessons learned

Journal in Computer Virology
Anatomy of drive-by download attack

AISC '13 Proceedings of the Eleventh Australasian Information Security Conference - Volume 138

Quantified Score

Hi-index	0.00

Visualization

Abstract

Autonomous spreading malware in the form of worms or bots has become a severe threat in today's Internet. Collecting the sample as early as possible is a necessary precondition for the further treatment of the spreading malware, e.g., to develop antivirus signatures. In this paper, we present an integrated toolkit called HoneyBow, which is able to collect autonomous spreading malware in an automated manner using high-interaction honeypots. Compared to low-interaction honeypots, HoneyBow has several advantages due to a wider range of captured samples and the capability of collecting malware which propagates by exploiting new vulnerabilities. We validate the properties of HoneyBow with experimental data collected during a period of about nine months, in which we collected thousands of malware binaries. Furthermore, we demonstrate the capability of collecting new malware via a case study of a certain bot.