Vulnerabilities in web applications expose computer networks to security threats. For example, attackers use a large number of normal user websites as hopping sites, which are illegally operated using malware distributed by abusing vulnerabilities in web applications on these websites, for attacking other websites and user terminals. Thus, the security threats, resulting from vulnerabilities in web applications prevent service providers from constructing secure networking environments. To protect websites from attacks based on the vulnerabilities of web applications, security vendors and service providers collect attack information using web honeypots, which masquerade as vulnerable systems. To collect all accesses resulting from attacks that include further network attacks by malware, such as downloaders, vendors and providers use high-interaction web honeypots, which are composed of vulnerable systems with surveillance functions. However, conventional high-interaction web honeypots can collect only limited information and malware from attacks, whose paths in the destination URLs do not match the path structure of the web honeypot since these attacks are failures. To solve this problem, we propose a scheme in which the destination URLs of these attacks are corrected by determining the correct path from the path structure of the web honeypot. Our Internet investigation revealed that 97% of attacks are failures. However, we confirmed that approximately 50% of these attacks will succeed with our proposed scheme. We can use much more information with this scheme to protect websites than with conventional high-interaction web honeypots because we can collect complete information and malware from these attacks.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Takeshi YAGI, Naoto TANIMOTO, Takeo HARIU, Mitsutaka ITOH, "Intelligent High-Interaction Web Honeypots Based on URL Conversion Scheme" in IEICE TRANSACTIONS on Communications,
vol. E94-B, no. 5, pp. 1339-1347, May 2011, doi: 10.1587/transcom.E94.B.1339.
Abstract: Vulnerabilities in web applications expose computer networks to security threats. For example, attackers use a large number of normal user websites as hopping sites, which are illegally operated using malware distributed by abusing vulnerabilities in web applications on these websites, for attacking other websites and user terminals. Thus, the security threats, resulting from vulnerabilities in web applications prevent service providers from constructing secure networking environments. To protect websites from attacks based on the vulnerabilities of web applications, security vendors and service providers collect attack information using web honeypots, which masquerade as vulnerable systems. To collect all accesses resulting from attacks that include further network attacks by malware, such as downloaders, vendors and providers use high-interaction web honeypots, which are composed of vulnerable systems with surveillance functions. However, conventional high-interaction web honeypots can collect only limited information and malware from attacks, whose paths in the destination URLs do not match the path structure of the web honeypot since these attacks are failures. To solve this problem, we propose a scheme in which the destination URLs of these attacks are corrected by determining the correct path from the path structure of the web honeypot. Our Internet investigation revealed that 97% of attacks are failures. However, we confirmed that approximately 50% of these attacks will succeed with our proposed scheme. We can use much more information with this scheme to protect websites than with conventional high-interaction web honeypots because we can collect complete information and malware from these attacks.
URL: https://global.ieice.org/en_transactions/communications/10.1587/transcom.E94.B.1339/_p
Copy
@ARTICLE{e94-b_5_1339,
author={Takeshi YAGI, Naoto TANIMOTO, Takeo HARIU, Mitsutaka ITOH, },
journal={IEICE TRANSACTIONS on Communications},
title={Intelligent High-Interaction Web Honeypots Based on URL Conversion Scheme},
year={2011},
volume={E94-B},
number={5},
pages={1339-1347},
abstract={Vulnerabilities in web applications expose computer networks to security threats. For example, attackers use a large number of normal user websites as hopping sites, which are illegally operated using malware distributed by abusing vulnerabilities in web applications on these websites, for attacking other websites and user terminals. Thus, the security threats, resulting from vulnerabilities in web applications prevent service providers from constructing secure networking environments. To protect websites from attacks based on the vulnerabilities of web applications, security vendors and service providers collect attack information using web honeypots, which masquerade as vulnerable systems. To collect all accesses resulting from attacks that include further network attacks by malware, such as downloaders, vendors and providers use high-interaction web honeypots, which are composed of vulnerable systems with surveillance functions. However, conventional high-interaction web honeypots can collect only limited information and malware from attacks, whose paths in the destination URLs do not match the path structure of the web honeypot since these attacks are failures. To solve this problem, we propose a scheme in which the destination URLs of these attacks are corrected by determining the correct path from the path structure of the web honeypot. Our Internet investigation revealed that 97% of attacks are failures. However, we confirmed that approximately 50% of these attacks will succeed with our proposed scheme. We can use much more information with this scheme to protect websites than with conventional high-interaction web honeypots because we can collect complete information and malware from these attacks.},
keywords={},
doi={10.1587/transcom.E94.B.1339},
ISSN={1745-1345},
month={May},}
Copy
TY - JOUR
TI - Intelligent High-Interaction Web Honeypots Based on URL Conversion Scheme
T2 - IEICE TRANSACTIONS on Communications
SP - 1339
EP - 1347
AU - Takeshi YAGI
AU - Naoto TANIMOTO
AU - Takeo HARIU
AU - Mitsutaka ITOH
PY - 2011
DO - 10.1587/transcom.E94.B.1339
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E94-B
IS - 5
JA - IEICE TRANSACTIONS on Communications
Y1 - May 2011
AB - Vulnerabilities in web applications expose computer networks to security threats. For example, attackers use a large number of normal user websites as hopping sites, which are illegally operated using malware distributed by abusing vulnerabilities in web applications on these websites, for attacking other websites and user terminals. Thus, the security threats, resulting from vulnerabilities in web applications prevent service providers from constructing secure networking environments. To protect websites from attacks based on the vulnerabilities of web applications, security vendors and service providers collect attack information using web honeypots, which masquerade as vulnerable systems. To collect all accesses resulting from attacks that include further network attacks by malware, such as downloaders, vendors and providers use high-interaction web honeypots, which are composed of vulnerable systems with surveillance functions. However, conventional high-interaction web honeypots can collect only limited information and malware from attacks, whose paths in the destination URLs do not match the path structure of the web honeypot since these attacks are failures. To solve this problem, we propose a scheme in which the destination URLs of these attacks are corrected by determining the correct path from the path structure of the web honeypot. Our Internet investigation revealed that 97% of attacks are failures. However, we confirmed that approximately 50% of these attacks will succeed with our proposed scheme. We can use much more information with this scheme to protect websites than with conventional high-interaction web honeypots because we can collect complete information and malware from these attacks.
ER -