This paper presents the application of deception theory to improve the success of client honeypots at detecting malicious web page attacks from infected servers programmed by online criminals to launch drive-by-download attacks. The design of honeypots faces three main challenges: deception, how to design honeypots that seem real systems; counter-deception, techniques used to identify honeypots and hence defeating their deceiving nature; and counter counter-deception, how to design honeypots that deceive attackers. The authors propose the application of a deception model known as the deception planning loop to identify the current status on honeypot research, development and deployment. The analysis leads to a proposal to formulate a landscape of the honeypot research and planning of steps ahead.
Revised: August 10, 2010 |
Published: July 24, 2009
Citation
Popovsky B., J.F. Narvaez Suarez, C. Seifert, D.A. Frincke, L.R. O'Neil, and C.U. Aval. 2009.Use of Deception to Improve Client Honeypot Detection of Drive-by-Download Attacks. In Foundations of Augmented Cognition Neuroergonomics and Operational Neuroscience. 138-147. Berlin:Springer.PNNL-SA-65284.