Sciweavers

WWW
2011
ACM

Heat-seeking honeypots: design and experience

13 years 7 months ago
Heat-seeking honeypots: design and experience
Many malicious activities on the Web today make use of compromised Web servers, because these servers often have high pageranks and provide free resources. Attackers are therefore constantly searching for vulnerable servers. In this work, we aim to understand how attackers find, compromise, and misuse vulnerable servers. Specifically, we present heatseeking honeypots that actively attract attackers, dynamically generate and deploy honeypot pages, then analyze logs to identify attack patterns. Over a period of three months, our deployed honeypots, despite their obscure location on a university network, attracted more than 44,000 attacker visits from close to 6,000 distinct IP addresses. By analyzing these visits, we characterize attacker behavior and develop simple techniques to identify attack traffic. Applying these techniques to more than 100 regular Web servers as an example, we identified malicious queries in almost all of their logs. Categories and Subject Descriptors H.4 [Inf...
John P. John, Fang Yu, Yinglian Xie, Arvind Krishn
Added 15 May 2011
Updated 15 May 2011
Type Journal
Year 2011
Where WWW
Authors John P. John, Fang Yu, Yinglian Xie, Arvind Krishnamurthy, Martín Abadi
Comments (0)