How to Design Practical Client Honeypots Based on Virtual Environment

2016 11th Asia Joint Conference on Information Security (AsiaJCIS) Pub Date : 2016-08-01 DOI:10.1109/AsiaJCIS.2016.19

Jinhak Park, Jangwon Choi, Jungsuk Song

{"title":"How to Design Practical Client Honeypots Based on Virtual Environment","authors":"Jinhak Park, Jangwon Choi, Jungsuk Song","doi":"10.1109/AsiaJCIS.2016.19","DOIUrl":null,"url":null,"abstract":"Honeypot is known as the most famous and widely deployed tool for collecting malwares on the Internet. Conventional honeypots lure attackers into them by simulating vulnerable applications, programs and services, and are able to collect malwares by monitoring malicious activities of attackers. While client honeypots visit websites linked to URLs which are previously provided by users and collect malwares by analyzing the websites. Since attackers mainly use websites for spreading their well-crafted malwares or compromising their target systems, client honeypots have a remarkable attention for the purpose of collecting malwares effectively. However, most existing approaches focus on only collecting malwares by using open source client honeypots such as Capture-HPC, HoneyClient, HoneyMonkey, etc and analyzing them. In this paper, we present how to design practical client honeypots based on virtual environment. The proposed client honeypots are able to help users who want to develop their own client honeypots and deploy them. The experimental results show that the proposed client honeypots visited 2,276,733 URLs, identified 28,831 malicious URLs and succeeded in collecting 2,115 malwares.","PeriodicalId":213242,"journal":{"name":"2016 11th Asia Joint Conference on Information Security (AsiaJCIS)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 11th Asia Joint Conference on Information Security (AsiaJCIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AsiaJCIS.2016.19","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Honeypot is known as the most famous and widely deployed tool for collecting malwares on the Internet. Conventional honeypots lure attackers into them by simulating vulnerable applications, programs and services, and are able to collect malwares by monitoring malicious activities of attackers. While client honeypots visit websites linked to URLs which are previously provided by users and collect malwares by analyzing the websites. Since attackers mainly use websites for spreading their well-crafted malwares or compromising their target systems, client honeypots have a remarkable attention for the purpose of collecting malwares effectively. However, most existing approaches focus on only collecting malwares by using open source client honeypots such as Capture-HPC, HoneyClient, HoneyMonkey, etc and analyzing them. In this paper, we present how to design practical client honeypots based on virtual environment. The proposed client honeypots are able to help users who want to develop their own client honeypots and deploy them. The experimental results show that the proposed client honeypots visited 2,276,733 URLs, identified 28,831 malicious URLs and succeeded in collecting 2,115 malwares.

查看原文本刊更多论文

如何基于虚拟环境设计实用的客户端蜜罐

蜜罐被认为是最著名和广泛部署的工具，用于收集互联网上的恶意软件。传统蜜罐通过模拟易受攻击的应用程序、程序和服务来引诱攻击者进入蜜罐，并能够通过监视攻击者的恶意活动来收集恶意软件。而客户端蜜罐会访问用户之前提供的url链接的网站，通过分析这些网站收集恶意软件。由于攻击者主要利用网站传播精心制作的恶意软件或破坏目标系统，因此客户端蜜罐对有效收集恶意软件的目的非常关注。然而，大多数现有的方法只关注于通过使用开源客户端蜜罐(如Capture-HPC、HoneyClient、HoneyMonkey等)收集恶意软件并对其进行分析。本文介绍了如何基于虚拟环境设计实用的客户端蜜罐。建议的客户端蜜罐能够帮助希望开发自己的客户端蜜罐并部署它们的用户。实验结果表明，提出的客户端蜜罐共访问了2276733个url，识别了28831个恶意url，成功收集了2115个恶意软件。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2016 11th Asia Joint Conference on Information Security (AsiaJCIS)

自引率

0.00%

发文量