通过使用蜜罐数据的行为分析来预测客户端攻击

2011 7th International Conference on Next Generation Web Services Practices Pub Date : 2011-12-01 DOI:10.1109/NWESP.2011.6088149

Yaser Alosefer, O. Rana

{"title":"通过使用蜜罐数据的行为分析来预测客户端攻击","authors":"Yaser Alosefer, O. Rana","doi":"10.1109/NWESP.2011.6088149","DOIUrl":null,"url":null,"abstract":"In recent years, attackers have started to use web pages to deliver their malicious code to users. Web-based malware overcomes signature-based detection by modification of the code or using zero-day exploits. We propose a malicious activity detection method using Hidden Markov Models (HMM) alongside a client honeypot system. Our algorithm is able to detect the potential malicious behaviour of a web server based on current and past interactions between the web client and the server and can also predict possible future behaviours. The prediction algorithm learns from previously scanned behaviours recorded by a client honeypot system. We group such behaviours in order to enable common characteristics to be investigated across these groups.","PeriodicalId":271670,"journal":{"name":"2011 7th International Conference on Next Generation Web Services Practices","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":"{\"title\":\"Predicting client-side attacks via behaviour analysis using honeypot data\",\"authors\":\"Yaser Alosefer, O. Rana\",\"doi\":\"10.1109/NWESP.2011.6088149\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In recent years, attackers have started to use web pages to deliver their malicious code to users. Web-based malware overcomes signature-based detection by modification of the code or using zero-day exploits. We propose a malicious activity detection method using Hidden Markov Models (HMM) alongside a client honeypot system. Our algorithm is able to detect the potential malicious behaviour of a web server based on current and past interactions between the web client and the server and can also predict possible future behaviours. The prediction algorithm learns from previously scanned behaviours recorded by a client honeypot system. We group such behaviours in order to enable common characteristics to be investigated across these groups.\",\"PeriodicalId\":271670,\"journal\":{\"name\":\"2011 7th International Conference on Next Generation Web Services Practices\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"19\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 7th International Conference on Next Generation Web Services Practices\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NWESP.2011.6088149\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 7th International Conference on Next Generation Web Services Practices","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NWESP.2011.6088149","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 19

摘要

近年来，攻击者开始利用网页向用户传递恶意代码。基于web的恶意软件通过修改代码或使用零日漏洞来克服基于签名的检测。我们提出了一种使用隐马尔可夫模型(HMM)和客户端蜜罐系统的恶意活动检测方法。我们的算法能够根据web客户端和服务器之间当前和过去的交互来检测web服务器的潜在恶意行为，还可以预测未来可能的行为。预测算法从客户端蜜罐系统记录的先前扫描行为中学习。我们对这些行为进行分组，以便能够对这些组的共同特征进行调查。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Predicting client-side attacks via behaviour analysis using honeypot data

In recent years, attackers have started to use web pages to deliver their malicious code to users. Web-based malware overcomes signature-based detection by modification of the code or using zero-day exploits. We propose a malicious activity detection method using Hidden Markov Models (HMM) alongside a client honeypot system. Our algorithm is able to detect the potential malicious behaviour of a web server based on current and past interactions between the web client and the server and can also predict possible future behaviours. The prediction algorithm learns from previously scanned behaviours recorded by a client honeypot system. We group such behaviours in order to enable common characteristics to be investigated across these groups.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2011 7th International Conference on Next Generation Web Services Practices

自引率

0.00%

发文量