Use of Deception to Improve Client Honeypot Detection of Drive-by-Download Attacks
This paper presents the application of deception theory to improve the success of client honeypots at detecting malicious web page attacks from infected servers programmed by online criminals to launch drive-by-download attacks. The design of honeypots faces three main challenges: deception, how to design honeypots that seem real systems; counter-deception, techniques used to identify honeypots and hence defeating their deceiving nature; and counter counter-deception, how to design honeypots that deceive attackers. The authors propose the application of a deception model known as the deception planning loop to identify the current status on honeypot research, development and deployment. The analysis leads to a proposal to formulate a landscape of the honeypot research and planning of steps ahead.
- Research Organization:
- Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC05-76RL01830
- OSTI ID:
- 985019
- Report Number(s):
- PNNL-SA-65284; TRN: US201016%%1655
- Resource Relation:
- Related Information: Foundations of Augmented Cognition Neuroergonomics and Operational Neuroscience, 138-147
- Country of Publication:
- United States
- Language:
- English
Similar Records
Drive-by-Downloads
Identifying and Analyzing Web Server Attacks