Book chapter, peer-reviewed

Escape from Monkey Island: Evading High-Interaction Honeyclients

2011; Springer Science+Business Media; Language: English

10.1007/978-3-642-22424-9_8

ISSN

1611-3349

Authors

Alexandros Kapravelos, Marco Cova, Christopher Kruegel, Giovanni Vigna

Topic(s)

Network Security and Intrusion Detection

Abstract

High-interaction honeyclients are the tools of choice to detect malicious web pages that launch drive-by-download attacks. Unfortunately, the approach used by these tools, which, in most cases, is to identify the side-effects of a successful attack rather than the attack itself, leaves open the possibility for malicious pages to perform evasion techniques that allow one to execute an attack without detection or to behave in a benign way when being analyzed. In this paper, we examine the security model that high-interaction honeyclients use and evaluate their weaknesses in practice. We introduce and discuss a number of possible attacks, and we test them against several popular, well-known high-interaction honeyclients. Our attacks evade the detection of these tools, while successfully attacking regular visitors of malicious web pages.
