Proceedings of the 2nd International Conference on Advances in Computer Science and Engineering (CSE 2013)

Malicious Website Detection Based on Honeypot Systems

Authors
Tung-Ming Koo, Hung-Chang Chang, Ya-Ting Hsu, Huey-Yeh Lin
Corresponding Author
Tung-Ming Koo
Available Online July 2013.
DOI
10.2991/cse.2013.19How to use a DOI?
Keywords
Honeypot; malicious website; drive-by download
Abstract

In the Internet age, every computer user is likely to inadvertently encounter highly contagious viruses. Over the past several years, a new type of web attack has spread across the web, that is, when a client connects to a malicious remote server, the server responds to the request while simultaneously transporting malicious programs to the client’s computer, thereby launching a drive-by download attack. If the attack is successful, malicious servers can control and execute any program from the client’s computer. Malicious websites frequently harbor obfuscation mechanisms to evade signature-based detection systems. These obfuscators have become increasingly sophisticated that they have begun to invade multimedia files (JPG, Flash, and PDF). Under such circumstances, unless specific behaviors are triggered by malicious webpages, identifying programs with malicious intent by merely analyzing web content is extremely difficult, not to mention the formidable quantity of webpages and the ever changing attack techniques. Based on a client-side honeypot system, this study proposes a model for determining whether a webpage is malicious. We present a technique to improve the accuracy of malicious web detection. First, static content analysis is performed to accelerate the detection, followed by actual browsing on webpages for in-depth probing using the client-side honeypot system. Using this method, user’s security is protected when surfing the Internet.

Copyright
© 2013, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Download article (PDF)

Volume Title
Proceedings of the 2nd International Conference on Advances in Computer Science and Engineering (CSE 2013)
Series
Advances in Intelligent Systems Research
Publication Date
July 2013
ISBN
978-90786-77-70-3
ISSN
1951-6851
DOI
10.2991/cse.2013.19How to use a DOI?
Copyright
© 2013, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Cite this article

TY  - CONF
AU  - Tung-Ming Koo
AU  - Hung-Chang Chang
AU  - Ya-Ting Hsu
AU  - Huey-Yeh Lin
PY  - 2013/07
DA  - 2013/07
TI  - Malicious Website Detection Based on Honeypot Systems
BT  - Proceedings of the 2nd International Conference on Advances in Computer Science and Engineering (CSE 2013)
PB  - Atlantis Press
SP  - 76
EP  - 82
SN  - 1951-6851
UR  - https://doi.org/10.2991/cse.2013.19
DO  - 10.2991/cse.2013.19
ID  - Koo2013/07
ER  -