| Presentation | 2010-11-18 Architecture Design of Web Phantom : Hybrid Web Honeypot Takeshi YAGI, Naoto TANIMOTO, Takeo HARIU, Mitsutaka ITOH, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | This paper proposes a hybrid web honeypot, namely Web Phantom, which generates a blacklist to prevent malware infection on many websites efficiently. Recently, with widespread of cloud computing, the number of websites is increasing rapidly. On the other hand, by using vulnerabilities in web applications, a large number of websites are infected by malware. To clear characteristics of malware infections on websites, web honeypots are studied. Web honeypots can collect attacks from the Internet and extract information which can be used as a blacklist for filtering attacks to websites. However, conventional web honeypots can collect only limited information from failure attacks which are generated low-accuracy by automatic attack tools. In our Web Phantom, actions of success attacks are generated from failure attacks by analyzing input data of the failure attacks. Moreover, additional information in files, which are downloaded in the actions, is extracted automatically. Our investigation reveals that the amount of information in the blacklist will increase approximately 50% by using Web Phantom. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | security / malware / website / web honeypot / blacklist |
| Paper # | IN2010-85 |
| Date of Issue |
| Conference Information | |
| Committee | IN |
|---|---|
| Conference Date | 2010/11/11(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information Networks (IN) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Architecture Design of Web Phantom : Hybrid Web Honeypot |
| Sub Title (in English) | |
| Keyword(1) | security |
| Keyword(2) | malware |
| Keyword(3) | website |
| Keyword(4) | web honeypot |
| Keyword(5) | blacklist |
| 1st Author's Name | Takeshi YAGI |
| 1st Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation() |
| 2nd Author's Name | Naoto TANIMOTO |
| 2nd Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation |
| 3rd Author's Name | Takeo HARIU |
| 3rd Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation |
| 4th Author's Name | Mitsutaka ITOH |
| 4th Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation |
| Date | 2010-11-18 |
| Paper # | IN2010-85 |
| Volume (vol) | vol.110 |
| Number (no) | 289 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |