Sciweavers

USS
2008

To Catch a Predator: A Natural Language Approach for Eliciting Malicious Payloads

14 years 1 months ago
To Catch a Predator: A Natural Language Approach for Eliciting Malicious Payloads
We present an automated, scalable, method for crafting dynamic responses to real-time network requests. Specifically, we provide a flexible technique based on natural language processing and string alignment techniques for intelligently interacting with protocols trained directly from raw network traffic. We demonstrate the utility of our approach by creating a low-interaction webbased honeypot capable of luring attacks from search worms targeting hundreds of different web applications. In just over two months, we witnessed over 368, 000 attacks from more than 5, 600 botnets targeting several hundred distinct webapps. The observed attacks included several exploits detected the same day the vulnerabilities were publicly disclosed. Our analysis of the payloads of these attacks reveals the state of the art in search-worm based botnets, packed with surprisingly modular and diverse functionality.
Sam Small, Joshua Mason, Fabian Monrose, Niels Pro
Added 02 Oct 2010
Updated 02 Oct 2010
Type Conference
Year 2008
Where USS
Authors Sam Small, Joshua Mason, Fabian Monrose, Niels Provos, Adam Stubblefield
Comments (0)