Presented at: 20th International World Wide Web Conference (WWW2011)
by John P. John, Fang Yu, Yinglian Xie, Arvind Krishnamurthy, MartÃn Abadi
Webpage: http://wwwconference.org/www2011/proceeding/proceedings/p207.pdfMany malicious activities on the Web today make use of compromised Web servers, because these servers often have high pageranks and provide free resources. Attackers are therefore constantly searching for vulnerable servers. In this work, we aim to understand how attackers find, compromise, and misuse vulnerable servers. Specifically, we present heat-seeking honeypots that actively attract attackers, dynamically generate and deploy honeypot pages, then analyze logs to identify attack patterns. Over a period of three months, our deployed honeypots, despite their obscure location on a university network, attracted more than 44,000 attacker visits from close to 6,000 distinct IP addresses. By analyzing these visits, we characterize attacker behavior and develop simple techniques to identify attack traffic. Applying these techniques to more than 100 regular Web servers as an example, we identified malicious queries in almost all of their logs.
Heat-Seeking Honeypots: Design and Experience was presented at this event.
Keywords: Web Security, World Wide Web
Resource URI on the dog food server: http://data.semanticweb.org/conference/www/2011/paper/heat-seeking-honeypots-design-and-experience
Explore this resource elsewhere: