Enhancing honeypot to collect client side attacks behavior from malicious URL
Users are in danger of being hit by client-side attacks that can come from a malicious URL. Such a URL can host trojan apps disguised as normal applications, or trigger the download and execution of malware without the user’s consent. This research tackles the issue of how malicious URLs behave when interacting with a user’s system. The interaction is captured using a combination of low-interaction and high-interaction honeypots. The low-interaction honeypot captures a site’s behavior when visited, along with its malicious payload, while the high-interaction honeypot collects the state changes that occur in the user’s system during the visit. From this research, we conclude that malicious sites can distribute malware by disguising it as a normal application, and that some sites behave differently to avoid detection while being analyzed by the honeypots. We also improved the low-interaction honeypot by adding the ability to crawl and process a large number of URLs automatically. This improvement lets the honeypot gather a large amount of data in a shorter time than before. With this improvement, we decreased the overall processing time by up to 43%.