Behind the scenes of online attacks: an analysis of exploitation behaviors on the web

Authors: Davide Balzarotti, Davide Canali

Abstract: Web attacks are nowadays one of the major threats on the Internet, and several studies have analyzed them, providing details on how they are performed and how they spread. However, no study seems to have sufficiently analyzed the typical behavior of an attacker after a website has been compromised. This paper presents the design, implementation, and deployment of a network of 500 fully functional honeypot websites, hosting a range of different services, whose aim is to attract attackers and collect information on what they do during their attacks. In 100 days of experiments, our system automatically collected, normalized, and clustered over 85,000 files that were created during approximately 6,000 attacks. Labeling the clusters allowed us to draw a general picture of the attack landscape, identifying the behavior behind each action performed both during and after the exploitation of a web application.
