Clustering client honeypot data to support malware analysis

  • Authors: Yaser Alosefer; Omer Rana
  • Affiliations: School of Computer Science & Informatics, Cardiff University, UK; School of Computer Science & Informatics, Cardiff University, UK
  • Venue: KES'10 Proceedings of the 14th international conference on Knowledge-based and intelligent information and engineering systems: Part IV
  • Year: 2010

Abstract

Client honeypots visit and interact with suspect web sites in order to detect and collect information about malware. A malicious website may cause a number of activities to be performed on a victim's system, and these activities unfold in distinct stages. We use a state machine to map the activities performed by a malicious web page onto pre-defined states, so that interactions with different malicious web pages can be summarised using the same state machine structure. The resulting state sequences are then passed to a clustering algorithm that groups similar malicious web page exploits, in order to understand how software can be developed to respond to such attacks. The outputs of the clustering algorithm are categorised to build up groups of similar states that represent the malicious activities performed on the victim's system. The benefit of this process is that it builds families of malicious web pages with similar behaviours (behaviour families), which in turn supports the development of common approaches for dealing with such exploits.
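The pipeline the abstract describes, as an added illustration that is not the paper's own code: each honeypot session is summarised as a sequence of pre-defined states, the sequence is reduced to its set of state transitions, and sessions whose transition sets are close under Jaccard distance are grouped into one behaviour family. The state names, the distance threshold and the sample sessions are assumptions made for this example, not values from the paper.

```python
# Added example (not from the paper): encode constructed client-honeypot
# observations as a fixed set of states and group sessions into behaviour
# families by state-transition similarity. The state vocabulary, threshold
# and sample sessions below are illustrative assumptions.
from itertools import combinations

STATES = ("VISIT", "REDIRECT", "DOWNLOAD", "FILE_WRITE",
          "REGISTRY_CHANGE", "PROCESS_SPAWN", "NETWORK_CONNECT")

def to_transitions(states):
    """Summarise one session as the set of (from, to) state transitions."""
    for s in states:
        if s not in STATES:
            raise ValueError(f"unknown state {s!r}")
    return set(zip(states, states[1:]))

def jaccard_distance(a, b):
    """1 - |a & b| / |a | b|; two empty sets are treated as identical."""
    if not a and not b:
        return 0.0
    return 1.0 - len(a & b) / len(a | b)

def cluster_sessions(sessions, threshold=0.5):
    """Single-linkage grouping: sessions within `threshold` share a family."""
    names = list(sessions)
    sigs = {n: to_transitions(sessions[n]) for n in names}
    parent = {n: n for n in names}          # union-find over session names
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x
    for a, b in combinations(names, 2):
        if jaccard_distance(sigs[a], sigs[b]) <= threshold:
            parent[find(a)] = find(b)
    families = {}
    for n in names:
        families.setdefault(find(n), []).append(n)
    return sorted(sorted(f) for f in families.values())

# Constructed sample sessions (not real honeypot data): A/B share a
# drop-and-execute chain, C/D share a registry-then-process chain.
SESSIONS = {
    "site-A": ["VISIT", "REDIRECT", "DOWNLOAD", "FILE_WRITE", "PROCESS_SPAWN"],
    "site-B": ["VISIT", "REDIRECT", "DOWNLOAD", "FILE_WRITE", "PROCESS_SPAWN", "NETWORK_CONNECT"],
    "site-C": ["VISIT", "REGISTRY_CHANGE", "PROCESS_SPAWN"],
    "site-D": ["VISIT", "REGISTRY_CHANGE", "PROCESS_SPAWN", "NETWORK_CONNECT"],
}

if __name__ == "__main__":
    for family in cluster_sessions(SESSIONS):
        print(family)   # [site-A, site-B] then [site-C, site-D]
```

Lowering the threshold splits families into finer groups; raising it merges sessions that share only a few transitions, so the value should be chosen against labelled sessions rather than fixed a priori.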