Skip to main content
SpringerLink
Log in

Clustering Client Honeypot Data to Support Malware Analysis

  • Conference paper
Knowledge-Based and Intelligent Information and Engineering Systems (KES 2010)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 6279))

Abstract

Client honeypots visit and interact with suspect web sites in order to detect and collect information about malware. Malicious websites may cause a number of activities to be performed on a victim’s system; each activity is performed in different stages. We use a state machine to represent the activities performed by the malicious web page into pre-defined states. These states can be used to summarise interactions with malicious web pages using the same state machine structure. The states are then passed to a clustering algorithm to group similar malicious web page exploits in order to better understand how software can be developed to better respond to such attacks. The outputs of the clustering algorithm are categorized to build up groups of similar states that represent the malicious activities performed on the victim’s system. The benefit of using this process is to build families of malicious web pages with similar behaviours (behaviour families) leading to the development of common approaches to deal with such exploits.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Spitzner, L.: Honeypots: Tracking Hackers, 1st edn. Addison-Wesley Professional, Reading (2002)

    Google Scholar 

  2. Witten, J., Frank, F.: Data Mining: Practical Machine Learning Tools and Techniques, 2nd edn. Morgan Kaufmann, San Francisco (2005)

    MATH  Google Scholar 

  3. Windows Workflow Foundation, http://msdn.microsoft.com/en-us/netframework/aa663328.aspx (Accessed August 5, 2009)

  4. Capture-HPC (2008), https://projects.honeynet.org/capture-hpc (Accessed February 1, 2009)

  5. Song, I.-Y., Eder, J., Nguyen, T.M. (eds.): DaWaK 2007. LNCS, vol. 4654. Springer, Heidelberg (2007)

    Google Scholar 

  6. Vijaya, P., Murty, M., Subramaniana, D.: Efficient bottom-up hybrid hierarchical clusteringnext term techniques for protein sequence classification. Pattern Recognition Bioinformatics 39(12), 2344–2355 (2006)

    Article  MATH  Google Scholar 

  7. Manning, C., Raghavan, P., Schütze, H.: Introduction to Information Retrieval. Cambridge University Press, Cambridge (2008)

    MATH  Google Scholar 

  8. Provos, N., Holz, T.: Virtual Honeypots: from Botnet Tracking to Intrusion Detection, 1st edn. Addison-Wesley Professional, Reading (2007)

    Google Scholar 

  9. Seifert, C.: Know Your Enemy: Behind the Scenes of Malicious Web Servers (2007), http://honeynet.org/book/export/html/181 (Accessed March 1, 2009)

Download references

Author information

Authors and Affiliations

  1. School of Computer Science & Informatics, Cardiff University, UK

    Yaser Alosefer & Omer Rana

Authors
  1. Yaser Alosefer
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Omer Rana
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Engineering, Cardiff University, The Parade, CF24 3AA, Cardiff, UK

    Rossitza Setchi

  2. Dept. of Computer Science and Software Engineering, University of Portsmouth, BUckingham Building, Lion Terrace, PO1 3HE, Portsmouth, UK

    Ivan Jordanov

  3. KES International, 145-157 St. John Street, EC1V 4PY, London, UK

    Robert J. Howlett

  4. School of Electrical and Information Engineering, University of South Australia, Adelaide, Mawson Lakes Campus, 5095, SA, Australia

    Lakhmi C. Jain

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Alosefer, Y., Rana, O. (2010). Clustering Client Honeypot Data to Support Malware Analysis. In: Setchi, R., Jordanov, I., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based and Intelligent Information and Engineering Systems. KES 2010. Lecture Notes in Computer Science(), vol 6279. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15384-6_59

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-15384-6_59

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-15383-9

  • Online ISBN: 978-3-642-15384-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation