Secure instant messaging in enterprise-like networks

Authors:
Mengjun Xie;Zhenyu Wu;Haining Wang
Affiliations:
Computer Science Department, University of Arkansas at Little Rock, Little Rock, AR 72204, United States;Computer Science Department, College of William and Mary, Williamsburg, VA 23185, United States;Computer Science Department, College of William and Mary, Williamsburg, VA 23185, United States
Venue:
Computer Networks: The International Journal of Computer and Telecommunications Networking
Year:
2012

Citing 10
Cited 0

On instant messaging worms, analysis and countermeasures

Proceedings of the 2005 ACM workshop on Rapid malcode
Communication characteristics of instant messaging: effects and predictions of interpersonal relationships

CSCW '06 Proceedings of the 2006 20th anniversary conference on Computer supported cooperative work
Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation

Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Modeling and Simulation Study of the Propagation and Defense of Internet E-mail Worms

IEEE Transactions on Dependable and Secure Computing
Understanding Instant Messaging Traffic Characteristics

ICDCS '07 Proceedings of the 27th International Conference on Distributed Computing Systems
Analyzing network and content characteristics of spim using honeypots

SRUTI'07 Proceedings of the 3rd USENIX workshop on Steps to reducing unwanted traffic on the internet
Planetary-scale views on a large instant-messaging network

Proceedings of the 17th international conference on World Wide Web
Catching instant messaging worms with change-point detection techniques

LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Virtual honeypots: from botnet tracking to intrusion detection

Virtual honeypots: from botnet tracking to intrusion detection
PhoneyC: a virtual client honeypot

LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more

Quantified Score

Hi-index	0.00

Visualization

Abstract

Instant messaging (IM) has been one of most frequently used malware attack vectors due to its popularity. However, previous solutions are ineffective to defend against IM malware in an enterprise-like network environment, mainly because of high false positive rate and the requirement of the IM server being inside the protected network. In this paper, we propose a novel IM malware detection and suppression mechanism, HoneyIM, which guarantees almost zero false positive on detecting and blocking IM malware in an enterprise-like network. The detection of HoneyIM is based on the concept of honeypot. HoneyIM uses decoy accounts to trap IM malware by leveraging malware spreading characteristics. Fed with accurate detection results, the suppression of HoneyIM can conduct a network-wide blocking. In addition, HoneyIM delivers attack information to network administrators in real-time so that system quarantine and recovery can be quickly performed. The core design of HoneyIM is generic, and can be applied to the scenarios that either enterprise IM services or public IM services are used in the protected network. Based on open-source IM client Pidgin and client honeypot Capture, we build a prototype of HoneyIM and validate its efficacy through both simulations and real experiments. Our results show that HoneyIM provides effective protection against IM malware in enterprise-like networks.