True Positive Cost Curve: A Cost-Based Evaluation Method for High-Interaction Client Honeypots
Authors: C. Seifert, P. Komisarczuk, I. Welch
Published in: 2009 Third International Conference on Emerging Security Information, Systems and Technologies
Publication date: 2009-06-18
DOI: 10.1109/SECURWARE.2009.17 (https://doi.org/10.1109/SECURWARE.2009.17)
Client honeypots are security devices designed to find servers that attack clients. High-interaction client honeypots (HICHPs) classify potentially malicious web pages by driving a dedicated vulnerable web browser to retrieve and classify these pages. Considering the size of the Internet, the ability to identify many malicious web pages is a crucial task. HICHPs, however, present challenges: They are slow and tend to miss attacks. For researchers to address these shortcomings, they need methods for evaluating HICHPs. This paper (1) presents an evaluation method called the True Positive Cost Curve (TPCC), which makes it possible to evaluate and compare HICHPs in an operating environment, but also allows an operator to tune HICHPs within a specific operating environment; (2) presents improvements on the way HICHPs visit web pages and evaluates them with the TPCC method; and (3) discusses the impact of time bombs on the performance of HICHPs in an operating environment and the ability to tune an HICHP for optimal performance with the help of the TPCC.