PhoneyC: A Virtual Client Honeypot
Abstract
The number of client-side attacks has grown significantly in the past few years, shifting focus away from defendable positions to a broad, poorly defended space filled with vulnerable clients. Just as honeypots enabled deep research into server-side attacks, honeyclients can permit the deep study of client-side attacks. A complement to honeypots, a honeyclient is a tool designed to mimic the behavior of a user-driven network client application, such as a web browser, and be exploited by an attacker’s content. These systems are instrumented to discover what happened and how. This paper presents PhoneyC, a honeyclient tool that can provide visibility into new and complex client-side attacks. PhoneyC is a virtual honeyclient, meaning it is not a real application but rather an emulated client. By using dynamic analysis, PhoneyC is able to remove the obfuscation from many malicious pages. Furthermore, PhoneyC emulates specific vulnerabilities to pinpoint the attack vector. PhoneyC is a modular framework that enables the study of malicious HTTP pages and understands modern vulnerabilities and attacker techniques.
Similar resources
Design and Implementation of Virtual Client Honeypot
Computer security has become a major issue in many organizations. There are different solutions to respond to this need, but they remain insufficient to truly secure a network. A honeypot is used in the area of computer and Internet security. It is a resource which is intended to be attacked and compromised to gain more information about the attacker and their attack techniques. Compared to an intrusi...
YALIH, Yet Another Low Interaction Honeyclient
Low-interaction honeyclients employ static detection techniques such as signatures, heuristics or anomaly detection in the identification of malicious websites. They are associated with a low detection rate and failure to identify zero-day and obfuscated attacks. This paper presents a low-interaction client honeypot that employs multiple signature detection engines in combination with de-obfuscati...
Analysis of Client Honeypots
With the growing popularity of the Internet, security has become one of the most important concerns. A honeypot is a security resource whose value lies in being probed or attacked. It can be used to wave off the security issues arising nowadays. Also, one can obtain a considerable amount of information about the attacker and his attacking methodologies. This paper includes a brief discussion about diffe...
Collapsar: A VM-based honeyfarm and reverse honeyfarm architecture for network attack capture and detention
The honeypot has emerged as an effective tool to provide insights into new attacks and exploitation trends. However, a single honeypot or multiple independently operated honeypots only provide limited local views of network attacks. Coordinated deployment of honeypots in different network domains not only provides broader views, but also creates opportunities of early network anomaly detection, ...
HoneyMesh: Preventing Distributed Denial of Service Attacks using Virtualized Honeypots
Today, internet and web services have become an inseparable part of our lives. Hence, ensuring continuous availability of service has become imperative to the success of any organization. But these services are often hampered by constant threats from myriad types of attacks. One such attack is called a distributed denial of service attack, which results in issues ranging from temporary slowdown of ...