DocumentCode
2105406
Title
Detecting malicious rootkit web pages in high-interaction client honeypots
Author
Liu, Hengya ; Zhang, Dongmei ; Wei, Gengyu ; Zhong, Jinxin
Author_Institution
Fac. of Compute Sci. & Technol., Beijing Univ. of Posts & Telecommun., Beijing, China
fYear
2010
fDate
17-19 Dec. 2010
Firstpage
544
Lastpage
547
Abstract
Malicious web pages that launch client-side attacks on web browsers have become a severe threat in today's Internet. High-interaction client honeypots are security devices that detect these malicious web pages on a network. However, high-interaction client honeypots are not good enough for detecting malicious web pages, especially web pages carrying a rootkit, which is used to hide the presence of a malicious object (process, file, registry key, network port). To address this deficiency, this paper brings forward a kernel integrity detection technique based on the System Services Descriptor Table (SSDT) on the client side of high-interaction honeypots. The experimental results indicate that the correct ratio in detecting malicious servers rises noticeably.
Keywords
Internet; Web sites; online front-ends; security of data; Internet; Web browsers; client-side attacks; high-interaction client honeypots; high-interaction honeypots client side; kernel integrity; malicious Web pages; malicious object; malicious rootkit Web pages; network port; registry key; security devices; system services descriptor table; Browsers; Internet; Kernel; Monitoring; Security; Servers; Web pages; High-interaction; Honeypots; SSDT; Web pages; rootkit
fLanguage
English
Publisher
ieee
Conference_Titel
Information Theory and Information Security (ICITIS), 2010 IEEE International Conference on
Conference_Location
Beijing
Print_ISBN
978-1-4244-6942-0
Type
conf
DOI
10.1109/ICITIS.2010.5689538
Filename
5689538