Sciweavers

DIMVA
2011

Escape from Monkey Island: Evading High-Interaction Honeyclients

13 years 4 months ago
Escape from Monkey Island: Evading High-Interaction Honeyclients
Abstract. High-interaction honeyclients are the tools of choice to detect malicious web pages that launch drive-by-download attacks. Unfortunately, the approach used by these tools, which, in most cases, is to identify the side-effects of a successful attack rather than the attack itself, leaves open the possibility for malicious pages to perform evasion techniques that allow one to execute an attack without detection or to behave in a benign way when being analyzed. In this paper, we examine the security model that high-interaction honeyclients use and evaluate their weaknesses in practice. We introduce and discuss a number of possible attacks, and we test them against several popular, well-known highinteraction honeyclients. Our attacks evade the detection of these tools, while successfully attacking regular visitors of malicious web pages.
Alexandros Kapravelos, Marco Cova, Christopher Kru
Added 27 Aug 2011
Updated 27 Aug 2011
Type Journal
Year 2011
Where DIMVA
Authors Alexandros Kapravelos, Marco Cova, Christopher Kruegel, Giovanni Vigna
Comments (0)