{"title":"Predicting client-side attacks via behaviour analysis using honeypot data","authors":"Yaser Alosefer, O. Rana","doi":"10.1109/NWESP.2011.6088149","DOIUrl":null,"url":null,"abstract":"In recent years, attackers have started to use web pages to deliver their malicious code to users. Web-based malware overcomes signature-based detection by modification of the code or using zero-day exploits. We propose a malicious activity detection method using Hidden Markov Models (HMM) alongside a client honeypot system. Our algorithm is able to detect the potential malicious behaviour of a web server based on current and past interactions between the web client and the server and can also predict possible future behaviours. The prediction algorithm learns from previously scanned behaviours recorded by a client honeypot system. We group such behaviours in order to enable common characteristics to be investigated across these groups.","PeriodicalId":271670,"journal":{"name":"2011 7th International Conference on Next Generation Web Services Practices","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 7th International Conference on Next Generation Web Services Practices","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NWESP.2011.6088149","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 19
Abstract
In recent years, attackers have started to use web pages to deliver their malicious code to users. Web-based malware overcomes signature-based detection by modification of the code or using zero-day exploits. We propose a malicious activity detection method using Hidden Markov Models (HMM) alongside a client honeypot system. Our algorithm is able to detect the potential malicious behaviour of a web server based on current and past interactions between the web client and the server and can also predict possible future behaviours. The prediction algorithm learns from previously scanned behaviours recorded by a client honeypot system. We group such behaviours in order to enable common characteristics to be investigated across these groups.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
