DocumentCode :
2105406
Title :
Detecting malicious rootkit web pages in high-interaction client honeypots
Author :
Liu, Hengya ; Zhang, Dongmei ; Wei, Gengyu ; Zhong, Jinxin
Author_Institution :
Fac. of Compute Sci. & Technol., Beijing Univ. of Posts & Telecommun., Beijing, China
fYear :
2010
fDate :
17-19 Dec. 2010
Firstpage :
544
Lastpage :
547
Abstract :
Malicious web pages that launch client-side attacks on web browsers have become a severe threat on today's Internet. High-interaction client honeypots are security devices that detect these malicious web pages on a network. However, high-interaction client honeypots are not good enough at detecting malicious web pages, especially web pages carrying a rootkit, which is used to hide the presence of a malicious object (process, file, registry key, network port). To address this deficiency, this paper brings forward a kernel integrity detection technique based on the System Services Descriptor Table (SSDT) on the client side of high-interaction honeypots. The experimental results indicate that the correct ratio in detecting malicious servers rises noticeably.
Keywords :
Internet; Web sites; online front-ends; security of data; Internet; Web browsers; client-side attacks; high-interaction client honeypots; high-interaction honeypots client side; kernal integrity; malicious Web pages; malicious object; malicious rootkit Web pages; network port; registry key; security devices; system services descriptor table; Browsers; Internet; Kernel; Monitoring; Security; Servers; Web pages; High-interaction; Honeypots; SSDT; Web pages; rootkit;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Theory and Information Security (ICITIS), 2010 IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-6942-0
Type :
conf
DOI :
10.1109/ICITIS.2010.5689538
Filename :
5689538