Client side attacks are those which exploits the vulnerabilities in client side applications such as browsers, plug-ins etc. The remote attackers execute the malicious code in end user’s system without his knowledge. Here in this research, we propose to detect and measure the drive by download class of malware which infect the end user’s system through HTTP based propagation mechanism. The purpose of this research is to introduce a class of technology known as client honeypot through which we execute the domains in a virtual machine in more optimized manner. Those virtual machines are the controlled environment for the execution of those URLs. During the execution of the websites, the PE files dropped into the system are logged and further analyzed for categorization of malware. Further the critical analysis has been performed by applying some reverse engineering techniques to categories the class of malware and source of infections performed by the malware.
This document discusses the design and implementation of a hybrid client honeypot that incorporates features of both low and high interaction honeypots. The hybrid honeypot aims to detect client-side malware attacks by actively visiting websites while also monitoring the system for any malware downloaded without user interaction, like zero-day attacks. It analyzes detected malware to classify known and unknown malware varieties. The hybrid approach combines the fast processing of low interaction honeypots with the ability of high interaction honeypots to detect zero-day attacks.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
The document summarizes a review on using honeypots as an intrusion detection system for wireless networks. It discusses how honeypots can be used to detect attackers by emulating vulnerable websites and systems to attract intruders. The proposed system uses different fake websites containing invalid or decoy information. If a user interacts with the honeypot sites suspiciously, their IP address would be blacklisted. The system aims to identify new attack patterns and secure the network for the future by monitoring attacker behavior on the honeypot systems without affecting real systems.
This document summarizes a proposed network attack alerting system that aims to reduce redundant alerts from intrusion detection systems (IDS). The system uses both network-based and host-based IDS to detect attacks launched using the Backtrack penetration testing tool on a virtual network environment. Well-known open source IDS tools from the Security Onion distribution are used to generate alerts. The system builds a database of alerts and defines rules to eliminate duplicate alerts for the same attack based on attributes like source/destination IP and port. It also establishes a severity classification scheme using threshold values of alerts and time to help administrators prioritize responses.
Day by day the internet is becoming an essential part of everyone’s life. In India from 2015 – 2020, there is an increase in internet users by 400 million users. As technology and innovation are increasing rapidly. Security is a key point to keep things in order. Security and privacy are the biggest concern in the world let it is in any field or domain. There is no big difference in cyber security the security is the biggest concern worrying about attacks which could happen anytime. So, in this paper, we are going to talk about honeypot comprehensively. The aim is to track hacker to analyze and understand hacker attacker behavior to create a secure system which is sustainable and efficient. Anoop V Kanavi | Feon Jaison "Honeypot Methods and Applications" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-1 , December 2020, URL: https://www.ijtsrd.com/papers/ijtsrd38045.pdf Paper URL : https://www.ijtsrd.com/computer-science/computer-security/38045/honeypot-methods-and-applications/anoop-v-kanavi
Intrusion Detection System (IDS) is meant to be a software application which monitors the network or system activities and finds if any malicious operations occur. Tremendous growth and usage of internet raises concerns about how to protect and communicate the digital information in a safe manner. Nowadays, hackers use different types of attacks for getting the valuable information. Many intrusion detection techniques, methods and algorithms help to detect these attacks. This main objective of this paper
is to provide a complete study about the definition of intrusion detection, history, life cycle, types of intrusion detection methods, types of attacks, different tools and techniques, research needs, challenges and
applications.
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKSIJCNCJournal
Sniffing is one of the most prominent causes for most of the attacks in the digitized computing environment. Through various packet analyzers or sniffers available free of cost, the network packets can be captured and analyzed. The sensitive information of the victim like user credentials, passwords, a PIN which is of more considerable interest to the assailants’ can be stolen through sniffers. This is the primary reason for most of the variations of DDoS attacks in the network from a variety of its catalog of attacks. An effective and trusted framework for detecting and preventing these sniffing has greater significance in today’s computing. A counter hack method to avoid data theft is to encrypt sensitive information. This paper provides an analysis of the most prominent sniffing attacks. Moreover, this is one of the most important strides to guarantee system security. Also, a Lattice structure has been derived to prove that sniffing is the prominent activity for DoS or DDoS attacks.
This document provides a review of honeypots, which are specially designed networks that mimic real networks to attract and monitor hackers. It discusses different types of honeypots including based on interaction level (high, medium, low), deployment categories (production, research), and deployment modes (deception, intimidation, reconnaissance). Three open source honeypots - HoneyBOT, KF Sensors, and Valhala Honeypot - are analyzed based on parameters like response time, complexity, and detection/prevention abilities. Honeypots are found to be an effective security measure when combined with firewalls and intrusion detection systems to detect and prevent threats while learning about hacking techniques.
This document discusses the design and implementation of a hybrid client honeypot that incorporates features of both low and high interaction honeypots. The hybrid honeypot aims to detect client-side malware attacks by actively visiting websites while also monitoring the system for any malware downloaded without user interaction, like zero-day attacks. It analyzes detected malware to classify known and unknown malware varieties. The hybrid approach combines the fast processing of low interaction honeypots with the ability of high interaction honeypots to detect zero-day attacks.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
The document summarizes a review on using honeypots as an intrusion detection system for wireless networks. It discusses how honeypots can be used to detect attackers by emulating vulnerable websites and systems to attract intruders. The proposed system uses different fake websites containing invalid or decoy information. If a user interacts with the honeypot sites suspiciously, their IP address would be blacklisted. The system aims to identify new attack patterns and secure the network for the future by monitoring attacker behavior on the honeypot systems without affecting real systems.
This document summarizes a proposed network attack alerting system that aims to reduce redundant alerts from intrusion detection systems (IDS). The system uses both network-based and host-based IDS to detect attacks launched using the Backtrack penetration testing tool on a virtual network environment. Well-known open source IDS tools from the Security Onion distribution are used to generate alerts. The system builds a database of alerts and defines rules to eliminate duplicate alerts for the same attack based on attributes like source/destination IP and port. It also establishes a severity classification scheme using threshold values of alerts and time to help administrators prioritize responses.
Day by day the internet is becoming an essential part of everyone’s life. In India from 2015 – 2020, there is an increase in internet users by 400 million users. As technology and innovation are increasing rapidly. Security is a key point to keep things in order. Security and privacy are the biggest concern in the world let it is in any field or domain. There is no big difference in cyber security the security is the biggest concern worrying about attacks which could happen anytime. So, in this paper, we are going to talk about honeypot comprehensively. The aim is to track hacker to analyze and understand hacker attacker behavior to create a secure system which is sustainable and efficient. Anoop V Kanavi | Feon Jaison "Honeypot Methods and Applications" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-1 , December 2020, URL: https://www.ijtsrd.com/papers/ijtsrd38045.pdf Paper URL : https://www.ijtsrd.com/computer-science/computer-security/38045/honeypot-methods-and-applications/anoop-v-kanavi
Intrusion Detection System (IDS) is meant to be a software application which monitors the network or system activities and finds if any malicious operations occur. Tremendous growth and usage of internet raises concerns about how to protect and communicate the digital information in a safe manner. Nowadays, hackers use different types of attacks for getting the valuable information. Many intrusion detection techniques, methods and algorithms help to detect these attacks. This main objective of this paper
is to provide a complete study about the definition of intrusion detection, history, life cycle, types of intrusion detection methods, types of attacks, different tools and techniques, research needs, challenges and
applications.
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKSIJCNCJournal
Sniffing is one of the most prominent causes for most of the attacks in the digitized computing environment. Through various packet analyzers or sniffers available free of cost, the network packets can be captured and analyzed. The sensitive information of the victim like user credentials, passwords, a PIN which is of more considerable interest to the assailants’ can be stolen through sniffers. This is the primary reason for most of the variations of DDoS attacks in the network from a variety of its catalog of attacks. An effective and trusted framework for detecting and preventing these sniffing has greater significance in today’s computing. A counter hack method to avoid data theft is to encrypt sensitive information. This paper provides an analysis of the most prominent sniffing attacks. Moreover, this is one of the most important strides to guarantee system security. Also, a Lattice structure has been derived to prove that sniffing is the prominent activity for DoS or DDoS attacks.
This document provides a review of honeypots, which are specially designed networks that mimic real networks to attract and monitor hackers. It discusses different types of honeypots including based on interaction level (high, medium, low), deployment categories (production, research), and deployment modes (deception, intimidation, reconnaissance). Three open source honeypots - HoneyBOT, KF Sensors, and Valhala Honeypot - are analyzed based on parameters like response time, complexity, and detection/prevention abilities. Honeypots are found to be an effective security measure when combined with firewalls and intrusion detection systems to detect and prevent threats while learning about hacking techniques.
This document proposes a machine learning approach using the Naive Bayes algorithm to detect distributed denial of service (DDoS) attacks through network intrusion detection. It first discusses the issues with existing intrusion detection systems, including long training times and low accuracy. It then summarizes research on applying various machine learning techniques like neural networks, decision trees, and Naive Bayes to intrusion detection. The proposed system would build a classifier using Naive Bayes, which provides faster training than other methods, to distinguish normal and attack traffic. This approach aims to improve upon the training time and detection accuracy of existing intrusion detection systems.
The document describes a proposed integrated honeypot system that aims to detect zero-day attacks, SSH attacks, and keylogger-spyware attacks. The system uses honeypots deployed in virtual machines to log attack behaviors. A separate detection framework then analyzes the honeypot logs to generate new signatures for intrusion detection and prevention systems like Snort. The integrated honeypot includes features for logging details of the targeted attacks. The system is meant to help update defenses against new attack patterns.
A Mitigation Technique For Internet Security Threat of Toolkits AttackCSCJournals
The development of attack toolkits conforms that cybercrime is driven primarily by financial motivations as noted from the significant profits made by both the developers and buyers. In this paper, an enhanced hybrid attack toolkit mitigation model was designed to tackle the economy of the attack toolkits using different techniques to discredit it. The mitigation looked into Zeus, a common and the most frequently used attack toolkit to discover the hidden information used by the attackers to launch attacks. This information helped in creating honey toolkits, honeybot and honeytokens. Honeybots are used to submit honeytoken to botmasters, who sells to the internet black market. Both the botmasters, his mules and buyers attempts to steal huge amount of money using the stolen credentials which includes both real and honeytokens and will be detected by an attack detector which sends an alert on any transaction involving the honeytokens. A reconfirmation process which is secured using enhanced RC6 cryptosystem is enacted. The reconfirmation message in plain text is securely encrypted into cipher text and transmitted from the bank to the legitimate account owner and vise visa. The result of the crypto analysis carried out on the encrypted text using RC6 encryption algorithm showed that the cipher text is not transparent.
International Journal of Engineering Research and Development (IJERD)IJERD Editor
journal publishing, how to publish research paper, Call For research paper, international journal, publishing a paper, IJERD, journal of science and technology, how to get a research paper published, publishing a paper, publishing of journal, publishing of research paper, reserach and review articles, IJERD Journal, How to publish your research paper, publish research paper, open access engineering journal, Engineering journal, Mathemetics journal, Physics journal, Chemistry journal, Computer Engineering, Computer Science journal, how to submit your paper, peer reviw journal, indexed journal, reserach and review articles, engineering journal, www.ijerd.com, research journals,
yahoo journals, bing journals, International Journal of Engineering Research and Development, google journals, hard copy of journal
IRJET- Cyber Attacks and its different TypesIRJET Journal
This document discusses different types of cyber attacks. It begins by providing context on how technology has increased connectivity but also vulnerabilities. The main types of cyber attacks discussed include:
1) Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks which overload systems to disrupt service.
2) Man-in-the-middle (MitM) attacks where a third party intercepts communications between two others.
3) Phishing attacks which use fraudulent emails or websites to steal personal or credential information from users.
4) Drive-by download attacks where visiting an infected website automatically downloads malware without user interaction.
Countermeasures to these attacks include firewall
1 ijaems sept-2015-3-different attacks in the network a reviewINFOGAIN PUBLICATION
This document discusses various types of network attacks. It categorizes attacks as either active or passive. Active attacks try to bypass security and modify information, and include denial of service attacks, IP spoofing, man-in-the-middle attacks, and masquerading. Passive attacks monitor unencrypted traffic to obtain sensitive information without detection, through eavesdropping, traffic analysis, or network analysis. Other attack types discussed are viruses, phishing, sniffing passwords. The document provides details on these different network attacks.
This document discusses network security. It begins by defining network security and explaining the three main types: physical, technical, and administrative security controls. It then defines vulnerabilities as weaknesses that can be exploited by threats such as unauthorized access or data modification. Common network attacks are described as reconnaissance, access, denial of service, and worms/viruses. Emerging attack trends include malware, phishing, ransomware, denial of service attacks, man-in-the-middle attacks, cryptojacking, SQL injection, and zero-day exploits. The document aims to help students understand vulnerabilities, threats, attacks, and trends regarding network security.
A Study on Data Mining Based Intrusion Detection SystemAM Publications
In recent years security has remained unsecured for computers as well as data network systems. Intrusion detecting
system used to safeguard the data confidentiality, integrity and system availability from various types of attacks. Data mining
techniques that can be applied to intrusion detection system to detect normal and abnormal behavior patterns. This paper studies
nature of network attacks and the current trends of data mining based intrusion detection techniques
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...IJNSA Journal
End users are increasingly vulnerable to attacks directed at web browsers which make the most of popularity of today’s web services. While organizations deploy several layers of security to protect their systems and data against unauthorised access, surveys reveal that a large fraction of end users do not utilize and/or are not familiar with any security tools. End users’ hesitation and unfamiliarity with security products contribute vastly to the number of online DDoS attacks, malware and Spam distribution. This work on progress paper proposes a design focused on the notion of increased participation of internet service providers in protecting end users. The proposed design takes advantage of three different detection tools to identify the maliciousness of a website content and alerts users through utilising Internet Content Adaptation Protocol (ICAP) by an In-Browser cross-platform messaging system. The system also incorporates the users’ online behaviour analysis to minimize the scanning intervals of malicious websites database by client honeypots. Findings from our proof of concept design and other research indicate that such a design can provide a reliable hybrid detection mechanism while introducing low delay time into user browsing experience.
Now a day’s risk of becoming a victim of spam and phishing attacks increases while accessing Internet. Many Web
sites exhibit violent and illegal content. Most of users are now unable to protect their networks and themselves also. However,
some countries have deployed systems for filtering the Web content. Since, the existing systems show high latency and overblocking.
Thus, an efficient method for Web filtering concept to protect users at the Internet service provider level is
presented. The proposed solution can detect and block illegal and threatening Web sites. The suggested scalable softwarebased
approach can examine Internet domains in wire speed without over-blocking. The Web filter serves as security measure
for all connected users, especially for users with limited IT expert knowledge. This solution is totally transparent to all
Network devices in the network. Setup, installation and maintenance can be created only by the Internet Service provider
administrator. So, the suggested security system is safe from attacks from users and from the network side.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Pattern Analysis and Signature Extraction for Intrusion Attacks on Web ServicesIJNSA Journal
The increasing popularity of web service technology is attracting hackers and attackers to hack the web services and the servers on which they run. Organizations are therefore facing the challenge of implementing adequate security for Web Services. A major threat is that of intruders which may maliciously try to access the data or services. The automated methods of signature extraction extract the binary pattern blindly resulting in more false positives. In this paper a semi automated approach is proposed to analyze the attacks and generate signatures for web services. For data collection, apart from the conventional SOAP data loggers, honeypots are also used that collect small data which is of high value. To filter out the most suspicious part of the data, SVM based classifier is employed to aid the system administrator. By applying an attack signature algorithm on the filtered data, a more balanced attack signature is extracted that results in fewer false positives and negatives. It helps the Security Administrator to identify the web services that are vulnerable or are attacked more frequently.
Today internet security is a serious problem. For every consumer and business that is on the Internet,
viruses, worms and crackers are a few security threats. There are the obvious tools that aid information security
professionals against these problems such as anti-virus software, firewalls and intrusion detection systems, but
these systems can only react to or prevent attacks-they cannot give us information about the attacker, the tools
used or even the methods employed. Given all of these security questions honeypots are a novel approach to
network security and security research alike. It is a resource, which is intended to be attacked and compromised to
gain more information about the attacker and the used tools. It can also be deployed to attract and divert an
attacker from their real targets. Honeypots is an additional layer of security. Honeypots have the big advantage that
they do not generate false alerts as each observed traffic is suspicious, because no productive components are
running on the system. The levels of interaction determines the amount of functionality a honeypots provides that
is low and high interactions.
Data Mining For Intrusion Detection in Mobile SystemsIOSR Journals
This document discusses using data mining techniques for intrusion detection in mobile systems. It proposes a network-based approach that removes processing overhead from mobile phones. An application on the phone collects user data and sends it to a remote server, where a previously trained neural network classifier analyzes the logs and detects abnormalities. The method was shown to detect intrusions at a 95% rate while outperforming existing mobile intrusion detection methods. It reduces processing on phones while effectively detecting intrusions in mobile networks and systems.
Autonomic Anomaly Detection System in Computer Networksijsrd.com
This paper describes how you can protect your system from Intrusion, which is the method of Intrusion Prevention and Intrusion Detection .The underlying premise of our Intrusion detection system is to describe attack as instance of ontology and its first need is to detect attack. In this paper, we propose a novel framework of autonomic intrusion detection that fulfills online and adaptive intrusion detection over unlabeled HTTP traffic streams in computer networks. The framework holds potential for self-governing: self-labeling, self-updating and self-adapting. Our structure employs the Affinity Propagation (AP) algorithm to learn a subject’s behaviors through dynamical clustering of the streaming data. It automatically labels the data and adapts to normal behavior changes while identifies anomalies.
The use of honeynet to detect exploited systems (basic version)amar koppal
This document discusses the use of honeynets to detect exploited systems and hackers. It begins with an abstract and introduction on the topic. It then provides definitions of key terms like honeynet and honeypot. It describes the principles of data capture and data control that honeynets rely on. It discusses the differences between first (GEN I) and second (GEN II) generation honeynets. It outlines the typical honeynet architecture including honeypots and honeywalls. It explains how honeynets work to study attacker activities and methods. Finally, it discusses some advantages like high value data and simplicity, and disadvantages like narrow field of view of using honeynets.
Detecting HTTP Botnet using Artificial Immune System (AIS)sadique_ghitm
This document proposes a new framework for detecting HTTP botnets using an Artificial Immune System (AIS). AIS is a bio-inspired model that applies concepts from the human immune system to solve information security problems. The proposed framework uses AIS techniques to detect malicious activities like spamming and port scanning on networks infected with HTTP bots. Experimental evaluations showed the approach can successfully detect HTTP botnet activities with high efficiency and low false positive rates.
Detection and prevention of keylogger spyware attacksIAEME Publication
This document summarizes a proposed method for detecting and preventing keylogger spyware attacks. Keylogger spyware poses a serious threat by recording keyboard keystrokes to steal sensitive information like passwords and account numbers. The proposed method uses a detection and prevention system to identify keyloggers and remove them from infected systems. It aims to protect systems from this type of malware in a network. The document provides an overview of different types of malware like adware, spyware, and keyloggers, and describes how keylogger spyware works by logging keystrokes and transmitting the stolen data to malicious users.
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...IJERA Editor
Malwares which is also known as malicious software’s is spreading through the exploiting the client side applications such as browsers, plug-ins etc. Attackers implant the malware codes in the user’s computer through web pages; thereby they are also known malicious web pages. Here in the paper, we present the usefulness of controlled environment in the form of client honeypots in detection of malicious web pages through collections of malicious intent in web pages and then perform detailed analysis for validation and confirmation of malicious web pages. First phase is collection of malicious infections through high interaction client honeypot, second phase is validations of the malicious infections embedded into web pages through behavior based analysis. Malwares which infect the client side applications and drop the malwares into user’s computers sometimes overrides the signature based detection techniques; thereby there is a need to study the behavior of the complete malicious web pages.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
This document discusses the design and implementation of a hybrid client honeypot that incorporates features of both low and high interaction honeypots. It aims to detect client-side attacks by actively visiting websites while also monitoring the system for malware. The hybrid approach aims to overcome limitations of existing client honeypots by detecting zero-day attacks while remaining efficient. It discusses background on honeypots, client honeypots, and detection approaches. The system framework incorporates both emulation and real execution to balance detection abilities and resource usage.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
This document proposes a machine learning approach using the Naive Bayes algorithm to detect distributed denial of service (DDoS) attacks through network intrusion detection. It first discusses the issues with existing intrusion detection systems, including long training times and low accuracy. It then summarizes research on applying various machine learning techniques like neural networks, decision trees, and Naive Bayes to intrusion detection. The proposed system would build a classifier using Naive Bayes, which provides faster training than other methods, to distinguish normal and attack traffic. This approach aims to improve upon the training time and detection accuracy of existing intrusion detection systems.
The document describes a proposed integrated honeypot system that aims to detect zero-day attacks, SSH attacks, and keylogger-spyware attacks. The system uses honeypots deployed in virtual machines to log attack behaviors. A separate detection framework then analyzes the honeypot logs to generate new signatures for intrusion detection and prevention systems like Snort. The integrated honeypot includes features for logging details of the targeted attacks. The system is meant to help update defenses against new attack patterns.
A Mitigation Technique For Internet Security Threat of Toolkits AttackCSCJournals
The development of attack toolkits conforms that cybercrime is driven primarily by financial motivations as noted from the significant profits made by both the developers and buyers. In this paper, an enhanced hybrid attack toolkit mitigation model was designed to tackle the economy of the attack toolkits using different techniques to discredit it. The mitigation looked into Zeus, a common and the most frequently used attack toolkit to discover the hidden information used by the attackers to launch attacks. This information helped in creating honey toolkits, honeybot and honeytokens. Honeybots are used to submit honeytoken to botmasters, who sells to the internet black market. Both the botmasters, his mules and buyers attempts to steal huge amount of money using the stolen credentials which includes both real and honeytokens and will be detected by an attack detector which sends an alert on any transaction involving the honeytokens. A reconfirmation process which is secured using enhanced RC6 cryptosystem is enacted. The reconfirmation message in plain text is securely encrypted into cipher text and transmitted from the bank to the legitimate account owner and vise visa. The result of the crypto analysis carried out on the encrypted text using RC6 encryption algorithm showed that the cipher text is not transparent.
International Journal of Engineering Research and Development (IJERD)IJERD Editor
journal publishing, how to publish research paper, Call For research paper, international journal, publishing a paper, IJERD, journal of science and technology, how to get a research paper published, publishing a paper, publishing of journal, publishing of research paper, reserach and review articles, IJERD Journal, How to publish your research paper, publish research paper, open access engineering journal, Engineering journal, Mathemetics journal, Physics journal, Chemistry journal, Computer Engineering, Computer Science journal, how to submit your paper, peer reviw journal, indexed journal, reserach and review articles, engineering journal, www.ijerd.com, research journals,
yahoo journals, bing journals, International Journal of Engineering Research and Development, google journals, hard copy of journal
IRJET- Cyber Attacks and its different TypesIRJET Journal
This document discusses different types of cyber attacks. It begins by providing context on how technology has increased connectivity but also vulnerabilities. The main types of cyber attacks discussed include:
1) Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks which overload systems to disrupt service.
2) Man-in-the-middle (MitM) attacks where a third party intercepts communications between two others.
3) Phishing attacks which use fraudulent emails or websites to steal personal or credential information from users.
4) Drive-by download attacks where visiting an infected website automatically downloads malware without user interaction.
Countermeasures to these attacks include firewall
1 ijaems sept-2015-3-different attacks in the network a reviewINFOGAIN PUBLICATION
This document discusses various types of network attacks. It categorizes attacks as either active or passive. Active attacks try to bypass security and modify information, and include denial of service attacks, IP spoofing, man-in-the-middle attacks, and masquerading. Passive attacks monitor unencrypted traffic to obtain sensitive information without detection, through eavesdropping, traffic analysis, or network analysis. Other attack types discussed are viruses, phishing, sniffing passwords. The document provides details on these different network attacks.
This document discusses network security. It begins by defining network security and explaining the three main types: physical, technical, and administrative security controls. It then defines vulnerabilities as weaknesses that can be exploited by threats such as unauthorized access or data modification. Common network attacks are described as reconnaissance, access, denial of service, and worms/viruses. Emerging attack trends include malware, phishing, ransomware, denial of service attacks, man-in-the-middle attacks, cryptojacking, SQL injection, and zero-day exploits. The document aims to help students understand vulnerabilities, threats, attacks, and trends regarding network security.
A Study on Data Mining Based Intrusion Detection SystemAM Publications
In recent years security has remained unsecured for computers as well as data network systems. Intrusion detecting
system used to safeguard the data confidentiality, integrity and system availability from various types of attacks. Data mining
techniques that can be applied to intrusion detection system to detect normal and abnormal behavior patterns. This paper studies
nature of network attacks and the current trends of data mining based intrusion detection techniques
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...IJNSA Journal
End users are increasingly vulnerable to attacks directed at web browsers which make the most of popularity of today’s web services. While organizations deploy several layers of security to protect their systems and data against unauthorised access, surveys reveal that a large fraction of end users do not utilize and/or are not familiar with any security tools. End users’ hesitation and unfamiliarity with security products contribute vastly to the number of online DDoS attacks, malware and Spam distribution. This work on progress paper proposes a design focused on the notion of increased participation of internet service providers in protecting end users. The proposed design takes advantage of three different detection tools to identify the maliciousness of a website content and alerts users through utilising Internet Content Adaptation Protocol (ICAP) by an In-Browser cross-platform messaging system. The system also incorporates the users’ online behaviour analysis to minimize the scanning intervals of malicious websites database by client honeypots. Findings from our proof of concept design and other research indicate that such a design can provide a reliable hybrid detection mechanism while introducing low delay time into user browsing experience.
Now a day’s risk of becoming a victim of spam and phishing attacks increases while accessing Internet. Many Web
sites exhibit violent and illegal content. Most of users are now unable to protect their networks and themselves also. However,
some countries have deployed systems for filtering the Web content. Since, the existing systems show high latency and overblocking.
Thus, an efficient method for Web filtering concept to protect users at the Internet service provider level is
presented. The proposed solution can detect and block illegal and threatening Web sites. The suggested scalable softwarebased
approach can examine Internet domains in wire speed without over-blocking. The Web filter serves as security measure
for all connected users, especially for users with limited IT expert knowledge. This solution is totally transparent to all
Network devices in the network. Setup, installation and maintenance can be created only by the Internet Service provider
administrator. So, the suggested security system is safe from attacks from users and from the network side.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Pattern Analysis and Signature Extraction for Intrusion Attacks on Web ServicesIJNSA Journal
The increasing popularity of web service technology is attracting hackers and attackers to hack the web services and the servers on which they run. Organizations are therefore facing the challenge of implementing adequate security for Web Services. A major threat is that of intruders which may maliciously try to access the data or services. The automated methods of signature extraction extract the binary pattern blindly resulting in more false positives. In this paper a semi automated approach is proposed to analyze the attacks and generate signatures for web services. For data collection, apart from the conventional SOAP data loggers, honeypots are also used that collect small data which is of high value. To filter out the most suspicious part of the data, SVM based classifier is employed to aid the system administrator. By applying an attack signature algorithm on the filtered data, a more balanced attack signature is extracted that results in fewer false positives and negatives. It helps the Security Administrator to identify the web services that are vulnerable or are attacked more frequently.
Today internet security is a serious problem. For every consumer and business that is on the Internet,
viruses, worms and crackers are a few security threats. There are the obvious tools that aid information security
professionals against these problems such as anti-virus software, firewalls and intrusion detection systems, but
these systems can only react to or prevent attacks-they cannot give us information about the attacker, the tools
used or even the methods employed. Given all of these security questions honeypots are a novel approach to
network security and security research alike. It is a resource, which is intended to be attacked and compromised to
gain more information about the attacker and the used tools. It can also be deployed to attract and divert an
attacker from their real targets. Honeypots is an additional layer of security. Honeypots have the big advantage that
they do not generate false alerts as each observed traffic is suspicious, because no productive components are
running on the system. The levels of interaction determines the amount of functionality a honeypots provides that
is low and high interactions.
Data Mining For Intrusion Detection in Mobile SystemsIOSR Journals
This document discusses using data mining techniques for intrusion detection in mobile systems. It proposes a network-based approach that removes processing overhead from mobile phones. An application on the phone collects user data and sends it to a remote server, where a previously trained neural network classifier analyzes the logs and detects abnormalities. The method was shown to detect intrusions at a 95% rate while outperforming existing mobile intrusion detection methods. It reduces processing on phones while effectively detecting intrusions in mobile networks and systems.
Autonomic Anomaly Detection System in Computer Networksijsrd.com
This paper describes how you can protect your system from Intrusion, which is the method of Intrusion Prevention and Intrusion Detection .The underlying premise of our Intrusion detection system is to describe attack as instance of ontology and its first need is to detect attack. In this paper, we propose a novel framework of autonomic intrusion detection that fulfills online and adaptive intrusion detection over unlabeled HTTP traffic streams in computer networks. The framework holds potential for self-governing: self-labeling, self-updating and self-adapting. Our structure employs the Affinity Propagation (AP) algorithm to learn a subject’s behaviors through dynamical clustering of the streaming data. It automatically labels the data and adapts to normal behavior changes while identifies anomalies.
The use of honeynet to detect exploited systems (basic version)amar koppal
This document discusses the use of honeynets to detect exploited systems and hackers. It begins with an abstract and introduction on the topic. It then provides definitions of key terms like honeynet and honeypot. It describes the principles of data capture and data control that honeynets rely on. It discusses the differences between first (GEN I) and second (GEN II) generation honeynets. It outlines the typical honeynet architecture including honeypots and honeywalls. It explains how honeynets work to study attacker activities and methods. Finally, it discusses some advantages like high value data and simplicity, and disadvantages like narrow field of view of using honeynets.
Detecting HTTP Botnet using Artificial Immune System (AIS)sadique_ghitm
This document proposes a new framework for detecting HTTP botnets using an Artificial Immune System (AIS). AIS is a bio-inspired model that applies concepts from the human immune system to solve information security problems. The proposed framework uses AIS techniques to detect malicious activities like spamming and port scanning on networks infected with HTTP bots. Experimental evaluations showed the approach can successfully detect HTTP botnet activities with high efficiency and low false positive rates.
Detection and prevention of keylogger spyware attacksIAEME Publication
This document summarizes a proposed method for detecting and preventing keylogger spyware attacks. Keylogger spyware poses a serious threat by recording keyboard keystrokes to steal sensitive information like passwords and account numbers. The proposed method uses a detection and prevention system to identify keyloggers and remove them from infected systems. It aims to protect systems from this type of malware in a network. The document provides an overview of different types of malware like adware, spyware, and keyloggers, and describes how keylogger spyware works by logging keystrokes and transmitting the stolen data to malicious users.
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...IJERA Editor
Malwares which is also known as malicious software’s is spreading through the exploiting the client side applications such as browsers, plug-ins etc. Attackers implant the malware codes in the user’s computer through web pages; thereby they are also known malicious web pages. Here in the paper, we present the usefulness of controlled environment in the form of client honeypots in detection of malicious web pages through collections of malicious intent in web pages and then perform detailed analysis for validation and confirmation of malicious web pages. First phase is collection of malicious infections through high interaction client honeypot, second phase is validations of the malicious infections embedded into web pages through behavior based analysis. Malwares which infect the client side applications and drop the malwares into user’s computers sometimes overrides the signature based detection techniques; thereby there is a need to study the behavior of the complete malicious web pages.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
This document discusses the design and implementation of a hybrid client honeypot that incorporates features of both low and high interaction honeypots. It aims to detect client-side attacks by actively visiting websites while also monitoring the system for malware. The hybrid approach aims to overcome limitations of existing client honeypots by detecting zero-day attacks while remaining efficient. It discusses background on honeypots, client honeypots, and detection approaches. The system framework incorporates both emulation and real execution to balance detection abilities and resource usage.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
This document summarizes a proposed network attack alerting system that aims to reduce the large number of alerts generated by intrusion detection systems (IDS). The system uses both network-based and host-based IDS to detect attacks launched using the Backtrack attacking tools on a virtual network lab environment. Well-known open source security tools on the Security Onion Linux distribution are used to generate alerts. The system defines rules to identify important alert types and stores alerts in a database. It aims to eliminate redundant alerts for the same attack by analyzing attributes like source/destination IP and port. Alert severity levels are defined using threshold counts and times to classify alerts and help administrators respond appropriately.
Defense mechanism for ddos attack through machine learningeSAT Journals
Abstract
There is a huge advancement in Computer networking in the past decade. But with the advancement, the threats to the computer networks are also increased. Today one of the biggest threats to the computer networks is the Distributed Denial of Service (DDoS) flooding attack. This paper emphasizes the application layer DDoS flooding attacks because these (layer seven) attacks are growing rapidly and becoming more severe problem. Many researchers used machine-learning techniques for intrusion detection, but some shows poor detection and some methods take more training time. From a survey, it is found that Naïve Bayes (NB) algorithm provides faster learning/training speed than other machine learning algorithms. Also it has more accuracy in classification and detection of attack. So we are proposing a network intrusion detection system (IDS) which uses a machine learning approach with the help of NB algorithm.
Keywords: DDoS (Distributed Denial of Service) flooding attack, Machine Learning, Naïve Bayes, Network Intrusion Detection
The document discusses the design and implementation of a virtual client honeypot to collect internet malware. A client honeypot is an active security system that simulates client-side software to detect attacks against clients. The proposed virtual client honeypot collects URLs from a database, launches them in a virtual machine, and monitors for malware downloads and changes to the file system and network activity. The honeypot was able to successfully collect malware samples and network packet captures from malicious websites exploiting client-side vulnerabilities.
1. Ingress filtering verifies the source addresses of incoming traffic to prevent spoofing, while egress filtering verifies outgoing traffic to prevent internal threats from spreading.
2. Separate filtering helps isolate parts of the network and only allow expected communication patterns between servers, workstations, and the internet.
3. We need to separately filter ingress and egress traffic to harden network security by blocking unauthorized internal and external access and communication, and containing any threats that do arise.
Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...Editor IJCATR
Among the various forms of malware attacks such as Denial of service, Sniffer, Buffer overflows are the most dreaded threats to computer networks. These attacks are known as botnet attacks and self-propagating in nature and act as an agent or user interface to control the computers which they attack. In the process of controlling a malware, Bot header(s) use a program to control remote systems through internet with the help of zombie systems. Botnets are collection of compromised computers (Bots) which are remotely controlled by its originator (Bot-Master) under a common Command-and-Control (C&C) structure. A server commands to the bot and botnet and receives the reports from the bot. The bots use Trojan horses and subsequently communicate with a central server using IRC. Botnet employs different techniques like Honeypot, communication protocols (e.g. HTTP and DNS) to intrude in new systems in different stages of their lifecycle. Therefore, identifying the botnets has become very challenging; because the botnets are upgrading their methods periodically for affecting the networks. Here, the focus on addressing the botnet detection problem in an Enterprise Network
This research introduces novel Solution to mitigate the malicious activities of Botnet attacks through the Principle of component analysis of each traffic data, measurement and countermeasure selection mechanism called Malware Hunter. This system is built on attack graph-based analytical models based on classification process and reconfigurable through update solutions to virtual network-based countermeasures.
Intrusion Detection & Prevention Systems (IDPS) are crucial for protecting computers and detecting threats in real time. As threats have grown in the 21st century, IDPS have also evolved, with different types providing various protection functions. Effective IDPS not only detect and prevent attacks, but also log events, create reports on recent attacks, and provide detailed information. Detection methods include signature-based detection by comparing traffic to known attacks, anomaly-based detection by identifying deviations from normal behavior, and policy-based detection by enforcing allowed functions.
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...IRJET Journal
The document discusses a proposed method for detecting viruses and malware that evade existing antivirus software. It uses a combination of analyzing files with VirusTotal's database of known threats and applying natural language processing techniques like suffix trees and TF-IDF to identify malicious patterns in files. An evaluation shows the proposed method can detect viruses that existing antivirus and VirusTotal miss, achieving a 97% accuracy rate in testing.
Designing Security Assessment of Client Server System using Attack Tree Modelingijtsrd
Information security has grown as a prominent issue in our digital life. The network security is becoming more significant as the volume of data being exchanged over net increases day by day. Attack trees AT technique play an important role to investigate the threat analysis problem to known cyber attacks for risk assessment. The technique is especially effective in assessing and managing the risks from hostile, intelligent adversaries. It is useful for analyzing threats against assets ranging from information systems to physical infrastructure. By using attack tree modeling analysis an organization can understand the ways in which they will be attacked, determine the likelihood and impact damage of these attacks and decide what action to take where the risks are unacceptable. This paper describes the attack tree model for organization based on Client Server Network. It provides the ways for defending and preventing sensitive information from attackers. Attack tree modeling provides for effective security solutions, cost effective security solutions and defensible risk mitigation decisions. Sandar Pa Pa Thein | Phyu Phyu | Thin Thin Swe "Designing Security Assessment of Client- Server System using Attack Tree Modeling" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26727.pdf Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/26727/designing-security-assessment-of-client--server-system-using-attack-tree-modeling/sandar-pa-pa-thein
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD Editor
This document compares different types of honeypot systems. It discusses low, medium, and high interaction honeypots. Low interaction honeypots are easiest to install but provide limited information on attackers. High interaction honeypots deploy real operating systems and applications and provide the most detailed attacker information but are also highest risk and hardest to manage. The document analyzes the tradeoffs between honeypot interaction levels in terms of effort, information gathered, and security risks.
IRJET- Phishdect & Mitigator: SDN based Phishing Attack DetectionIRJET Journal
The document proposes a new system called PhishDect and Mitigator to detect and mitigate phishing attacks using software-defined networking (SDN). It uses deep packet inspection techniques and a convolutional neural network (CNN) to classify phishing signatures. Traffic is directed through either a "store and forward" or "forward and inspect" mode. In store and forward mode, packets are stored and inspected before forwarding. In forward and inspect mode, packets are forwarded first and then a copy is inspected. The system aims to overcome limitations of existing phishing detection methods.
Intrusion Detection System using AI and Machine Learning AlgorithmIRJET Journal
This document discusses using artificial intelligence and machine learning algorithms to develop an intrusion detection system (IDS). It begins with an abstract that outlines using AI to act as a virtual analyst to concurrently monitor network traffic and defend against threats. It then provides background on IDS and the need for more effective automated threat detection. The document discusses classifying attacks, different types of IDS (host-based and network-based), and detection methods like signature-based and anomaly-based. It aims to develop an IDS using machine learning algorithms that can learn patterns to provide automatic intrusion detection without extensive manual maintenance.
Invesitigation of Malware and Forensic Tools on Internet IJECEIAES
Malware is an application that is harmful to your forensic information. Basically, malware analyses is the process of analysing the behaviours of malicious code and then create signatures to detect and defend against it.Malware, such as Trojan horse, Worms and Spyware severely threatens the forensic security. This research observed that although malware and its variants may vary a lot from content signatures, they share some behaviour features at a higher level which are more precise in revealing the real intent of malware. This paper investigates the various techniques of malware behaviour extraction and analysis. In addition, we discuss the implications of malware analysis tools for malware detection based on various techniques.
Network Forensics is scientifically proven technique to accumulate, perceive, identify, examine, associate, analyse and document digital evidence from multiple systems for the purpose of uncovering the fact of attacks and other problem incident as well as performing the action to recover from the attack. Many systems are proposed for designing the network forensic systems. In this paper we have prepared comparative analysis of various models based on different techniques.
This document describes the design and implementation of a Linux-based network forensic system using honeynet technology. The system uses a virtual honeynet to collect network attack traces that can be used for further investigation. A virtual honeynet environment is created using Open Source Virtual Box to simulate systems under attack. The collected logs and data provide digital evidence of attacks that can help with network forensics investigations.
Looking to understand how hackers and other attackers use cyber technology to attack your network and your executives? This slide set provides an overview and details the anatomy of a cyber attack, and the strategies you can use to manage and mitigate risk.
This document discusses securing healthcare networks against cyber attacks. It proposes using intrusion detection systems to continuously monitor networks, firewalls to ensure endpoint devices comply with security policies, and biometrics for identity-based network access control. This would help protect patient privacy by safeguarding electronic health records and enhancing the security of hospital networks. The growing adoption of electronic records and devices in healthcare has increased risks of attacks that could intercept patient data or take over entire hospital networks. Strong network security measures are needed to address these risks.
Similar to Client Honeypot Based Drive by Download Exploit Detection and their Categorization (20)
Software Engineering and Project Management - Introduction, Modeling Concepts...Prakhyath Rai
Introduction, Modeling Concepts and Class Modeling: What is Object orientation? What is OO development? OO Themes; Evidence for usefulness of OO development; OO modeling history. Modeling
as Design technique: Modeling, abstraction, The Three models. Class Modeling: Object and Class Concept, Link and associations concepts, Generalization and Inheritance, A sample class model, Navigation of class models, and UML diagrams
Building the Analysis Models: Requirement Analysis, Analysis Model Approaches, Data modeling Concepts, Object Oriented Analysis, Scenario-Based Modeling, Flow-Oriented Modeling, class Based Modeling, Creating a Behavioral Model.
Discover the latest insights on Data Driven Maintenance with our comprehensive webinar presentation. Learn about traditional maintenance challenges, the right approach to utilizing data, and the benefits of adopting a Data Driven Maintenance strategy. Explore real-world examples, industry best practices, and innovative solutions like FMECA and the D3M model. This presentation, led by expert Jules Oudmans, is essential for asset owners looking to optimize their maintenance processes and leverage digital technologies for improved efficiency and performance. Download now to stay ahead in the evolving maintenance landscape.
Comparative analysis between traditional aquaponics and reconstructed aquapon...bijceesjournal
The aquaponic system of planting is a method that does not require soil usage. It is a method that only needs water, fish, lava rocks (a substitute for soil), and plants. Aquaponic systems are sustainable and environmentally friendly. Its use not only helps to plant in small spaces but also helps reduce artificial chemical use and minimizes excess water use, as aquaponics consumes 90% less water than soil-based gardening. The study applied a descriptive and experimental design to assess and compare conventional and reconstructed aquaponic methods for reproducing tomatoes. The researchers created an observation checklist to determine the significant factors of the study. The study aims to determine the significant difference between traditional aquaponics and reconstructed aquaponics systems propagating tomatoes in terms of height, weight, girth, and number of fruits. The reconstructed aquaponics system’s higher growth yield results in a much more nourished crop than the traditional aquaponics system. It is superior in its number of fruits, height, weight, and girth measurement. Moreover, the reconstructed aquaponics system is proven to eliminate all the hindrances present in the traditional aquaponics system, which are overcrowding of fish, algae growth, pest problems, contaminated water, and dead fish.
Advanced control scheme of doubly fed induction generator for wind turbine us...IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...shadow0702a
This document serves as a comprehensive step-by-step guide on how to effectively use PyCharm for remote debugging of the Windows Subsystem for Linux (WSL) on a local Windows machine. It meticulously outlines several critical steps in the process, starting with the crucial task of enabling permissions, followed by the installation and configuration of WSL.
The guide then proceeds to explain how to set up the SSH service within the WSL environment, an integral part of the process. Alongside this, it also provides detailed instructions on how to modify the inbound rules of the Windows firewall to facilitate the process, ensuring that there are no connectivity issues that could potentially hinder the debugging process.
The document further emphasizes on the importance of checking the connection between the Windows and WSL environments, providing instructions on how to ensure that the connection is optimal and ready for remote debugging.
It also offers an in-depth guide on how to configure the WSL interpreter and files within the PyCharm environment. This is essential for ensuring that the debugging process is set up correctly and that the program can be run effectively within the WSL terminal.
Additionally, the document provides guidance on how to set up breakpoints for debugging, a fundamental aspect of the debugging process which allows the developer to stop the execution of their code at certain points and inspect their program at those stages.
Finally, the document concludes by providing a link to a reference blog. This blog offers additional information and guidance on configuring the remote Python interpreter in PyCharm, providing the reader with a well-rounded understanding of the process.
Prediction of Electrical Energy Efficiency Using Information on Consumer's Ac...PriyankaKilaniya
Energy efficiency has been important since the latter part of the last century. The main object of this survey is to determine the energy efficiency knowledge among consumers. Two separate districts in Bangladesh are selected to conduct the survey on households and showrooms about the energy and seller also. The survey uses the data to find some regression equations from which it is easy to predict energy efficiency knowledge. The data is analyzed and calculated based on five important criteria. The initial target was to find some factors that help predict a person's energy efficiency knowledge. From the survey, it is found that the energy efficiency awareness among the people of our country is very low. Relationships between household energy use behaviors are estimated using a unique dataset of about 40 households and 20 showrooms in Bangladesh's Chapainawabganj and Bagerhat districts. Knowledge of energy consumption and energy efficiency technology options is found to be associated with household use of energy conservation practices. Household characteristics also influence household energy use behavior. Younger household cohorts are more likely to adopt energy-efficient technologies and energy conservation practices and place primary importance on energy saving for environmental reasons. Education also influences attitudes toward energy conservation in Bangladesh. Low-education households indicate they primarily save electricity for the environment while high-education households indicate they are motivated by environmental concerns.
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELijaia
As digital technology becomes more deeply embedded in power systems, protecting the communication
networks of Smart Grids (SG) has emerged as a critical concern. Distributed Network Protocol 3 (DNP3)
represents a multi-tiered application layer protocol extensively utilized in Supervisory Control and Data
Acquisition (SCADA)-based smart grids to facilitate real-time data gathering and control functionalities.
Robust Intrusion Detection Systems (IDS) are necessary for early threat detection and mitigation because
of the interconnection of these networks, which makes them vulnerable to a variety of cyberattacks. To
solve this issue, this paper develops a hybrid Deep Learning (DL) model specifically designed for intrusion
detection in smart grids. The proposed approach is a combination of the Convolutional Neural Network
(CNN) and the Long-Short-Term Memory algorithms (LSTM). We employed a recent intrusion detection
dataset (DNP3), which focuses on unauthorized commands and Denial of Service (DoS) cyberattacks, to
train and test our model. The results of our experiments show that our CNN-LSTM method is much better
at finding smart grid intrusions than other deep learning algorithms used for classification. In addition,
our proposed approach improves accuracy, precision, recall, and F1 score, achieving a high detection
accuracy rate of 99.50%.
Build the Next Generation of Apps with the Einstein 1 Platform.
Rejoignez Philippe Ozil pour une session de workshops qui vous guidera à travers les détails de la plateforme Einstein 1, l'importance des données pour la création d'applications d'intelligence artificielle et les différents outils et technologies que Salesforce propose pour vous apporter tous les bénéfices de l'IA.
Null Bangalore | Pentesters Approach to AWS IAMDivyanshu
#Abstract:
- Learn more about the real-world methods for auditing AWS IAM (Identity and Access Management) as a pentester. So let us proceed with a brief discussion of IAM as well as some typical misconfigurations and their potential exploits in order to reinforce the understanding of IAM security best practices.
- Gain actionable insights into AWS IAM policies and roles, using hands on approach.
#Prerequisites:
- Basic understanding of AWS services and architecture
- Familiarity with cloud security concepts
- Experience using the AWS Management Console or AWS CLI.
- For hands on lab create account on [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
# Scenario Covered:
- Basics of IAM in AWS
- Implementing IAM Policies with Least Privilege to Manage S3 Bucket
- Objective: Create an S3 bucket with least privilege IAM policy and validate access.
- Steps:
- Create S3 bucket.
- Attach least privilege policy to IAM user.
- Validate access.
- Exploiting IAM PassRole Misconfiguration
-Allows a user to pass a specific IAM role to an AWS service (ec2), typically used for service access delegation. Then exploit PassRole Misconfiguration granting unauthorized access to sensitive resources.
- Objective: Demonstrate how a PassRole misconfiguration can grant unauthorized access.
- Steps:
- Allow user to pass IAM role to EC2.
- Exploit misconfiguration for unauthorized access.
- Access sensitive resources.
- Exploiting IAM AssumeRole Misconfiguration with Overly Permissive Role
- An overly permissive IAM role configuration can lead to privilege escalation by creating a role with administrative privileges and allow a user to assume this role.
- Objective: Show how overly permissive IAM roles can lead to privilege escalation.
- Steps:
- Create role with administrative privileges.
- Allow user to assume the role.
- Perform administrative actions.
- Differentiation between PassRole vs AssumeRole
Try at [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
Client Honeypot Based Drive by Download Exploit Detection and their Categorization
1. Mandeep Sidhu Int. Journal of Engineering Research and Applications www.ijera.com
ISSN : 2248-9622, Vol. 5, Issue 4, ( Part -5) April 2015, pp.86-93
www.ijera.com 86 | P a g e
Client Honeypot Based Drive by Download Exploit Detection and
their Categorization
Mandeep Sidhu*, Rajneesh Narula**
*M.Tech Scholar (Computer Science and Engineering, Adesh Institute of engineering and technology faridkot –
Punjab Technology University)
** Assistant Professor (Computer Science and Engineering, Sant Adesh Institute of engineering and technology
faridkot –Punjab Technology University)
ABSTRACT
Client side attacks are those which exploits the vulnerabilities in client side applications such as browsers, plug-
ins etc. The remote attackers execute the malicious code in end user’s system without his knowledge. Here in
this research, we propose to detect and measure the drive by download class of malware which infect the end
user’s system through HTTP based propagation mechanism. The purpose of this research is to introduce a class
of technology known as client honeypot through which we execute the domains in a virtual machine in more
optimized manner. Those virtual machines are the controlled environment for the execution of those URLs.
During the execution of the websites, the PE files dropped into the system are logged and further analyzed for
categorization of malware. Further the critical analysis has been performed by applying some reverse
engineering techniques to categories the class of malware and source of infections performed by the malware.
Keywords –Client Honeypot, Drive-by-Download, Client-side exploits, Intrusion Detection, Malware Analysis
I. INTRODUCTION
If we see the current internet usage statistics, the
users who are using the internet with the help of
laptop, PC and mobile phones, do not know about the
security related aspects such as how to protect the
computer from malicious software’s which are
spreading over internet. Over the past few years, as
the number of computers are connected on internet,
the computer security is gaining popularity. The
growing number of computers connected to the
internet, new benefits as well as the new threats has
been arisen. The number of attacks are increasing on
a daily basis from everywhere in the world.
Prevention tools like firewalls cannot protect
networks on their own anymore. Attackers get
smarter and they are able to overcome such
prevention systems. Although in the current internet
world, the number of universities, organizations
owned by government is providing the workshops
and tutorials to their students to get awareness about
the network security issues and to defend against the
computer attacks.
In the field of network security, there are two
kinds of communities to be deal with- black hats and
white hats. It becomes quite interesting when the
white hat community are not only keen to defend the
networks but are keen to gather the attack logs to
make the fool of black hats.
The work in this paper is based on
implementation of class of honeypot so called client
side honeypots which is able to actively browse the
malicious weblinks and able to get exploited by the
infections in those weblinks. Once the exploits have
been performed, the activities of the attackers are
being logged which are further studied to get the
inference and detailed behavior of the attackers. The
complete process and methodology of the thesis
implementation can be summarized into below steps:
Actively browse the weblinks in controlled
environment
Responding the attacker to capture the in depth
infection
Collection of attack data in the form of network
traffic and PE executable files.
In today’s modern life, computer and internet is
becoming the important part of everyone life and
more and more volume of peoples are connected
through the internet world. The term internet is
basically a World Wide Web (WWW) which is
becoming a useful resource of information for
everyone’s life with the current development of
internet. With many of positive effects of the internet
in our current modern life, there are also some sort of
negative effects in the form of network security as
more and more kind of malwares are spreading over
the internet which can affect the innocent users
connected over the internet. A number of malware
such as virus, Trojan horse exist in the Internet. The
malware has the characters of profit [1]. It behaves in
these ways: stealing personal information, user names
and passwords.
1. Intrusion Detection System
RESEARCH ARTICLE OPEN ACCESS
2. Mandeep Sidhu Int. Journal of Engineering Research and Applications www.ijera.com
ISSN : 2248-9622, Vol. 5, Issue 4, ( Part -5) April 2015, pp.86-93
www.ijera.com 87 | P a g e
An Intrusion detection system (IDS) is a security
system that monitors computer systems and network
traffic and analyses that traffic for possible hostile
attacks originating from outside the organization and
also for system misuse or attacks originating from
inside organization.
1.1. Classifications of Intrusion Detection
System
Host Based IDS
Network Based IDS
Host Based IDS
Host based IDS consists of software or AGENT
components, which exist on Server, Router, Switch
or Network appliance. The agent versions must report
to a console or can be run together on the same Host.
This is NOT the preferred method though.
Network Based IDS
Network based IDS captures network traffic
packets (TCP, UDP, IPX/SPX, etc.) and analyses the
content against a set of rules or signatures to
determine if a possible event took place. False
positives are common when an IDS system is not
configured or “tuned” to the environment traffic it is
trying to analyse. Network Node is merely an
extended model of the networked IDS systems
adding aggregated and dedicated IDS servers on each
NODE of a network in order to capture all the
networked traffic not visible to other IDS servers.
Techniques based classification: Intrusions can be
detected by various techniques. Most important of
those are:
Anomaly detection
In the case of anomaly detection, the anomaly
detector constructs the profiles of normal system
behaviour and then uses this behaviour to detect any
kind of abnormal activities in the network. To
determine the attack traffic, the system must be
learned to identify the normal behaviour. This kind of
learning the system can be performed in many ways
such using the subject knowledge of AI techniques.
Another method can be of using the mathematical
models. It can also be known as strict anomaly
detection method.
Signature detection
Figure 1.2 depicts the working of the signature
based detection approach in detection of intrusions in
the network. Normally these kinds of solutions are
used in real time protection of the network.
Figure 1.1 Diagram of Misuse Detection
1.2. Honeypots
1.2.1. What is Honeypots:
A Network security resource whose value is
being probed, scanned, attacked, compromised,
controlled and misused by an attacker to achieve his
objective or we can say the black hat community
target the network resources and honeypot is a
resource to be attacked by the attackers so that the
activities of the attackers is being logged by the
honeypot which are further analysed to study the
behavior of the attackers. Lance Spitzner defines
Honeypots as “A Honeypot is an information system
resource whose value lies in unauthorized or illicit
use of that resource” [2].
A honeypot is a computer which has been
configured to some extent to seem normal to an
attacker, but actually logs and observes what the
attacker does. Thanks to these modifications,
accurate information about various types of attacks
can be recorded. The term honeypot was first
presented by Lance Spitzner in 1999 in a paper titled
To Build a Honeypot [3].
In a general way, a honeypot is basically a
computing resource, whose main purpose is to be
attacked, probed, and compromised by the attacker in
any form of unauthorized way. As we said the
computing resource which could be of any types: a
service to be exploited by the attackers, a application,
a system or set of systems, or it can be just a piece of
information or data. The basic concept here is that
any kind of interaction with those resources in the
form of honeypots is treated as suspicious by
definition. All the interaction occurred between any
entity and honeypots is monitored and logged which
are further analysed in details to get the internal
behavior about the adversaries.
Classifications of Honeypot:- The honeypot can be
categorized by the two basic fundamental classes
which is “types of attacked resources” and “level of
interaction” [4] . The first class- types of attacked
resources- depicts the types of resources of the
honeypots, whether the honeypot’s resources which
are being exploited are server side resources or client
side resources. In case of server side honeypots, the
3. Mandeep Sidhu Int. Journal of Engineering Research and Applications www.ijera.com
ISSN : 2248-9622, Vol. 5, Issue 4, ( Part -5) April 2015, pp.86-93
www.ijera.com 88 | P a g e
network services such as SSH or NetBIOS, are being
listened on their standard ports and any connections
initiated by remote client is monitored for any kind of
suspiciousness whereas in case of client side
honeypots, a client side application such web browser
which connect to the remote server, are being
monitored.
Next classification is based on the level of
interaction- low interaction, high interaction and
hybrid honeypots. Here level of interaction we mean
the kind of environment provided by the honeypots to
the remote attackers.
Figure 1.2 Honeypots classifications
As shown in the figure 2, the server side and
client side honeypots are based on the criteria of the
services or application exploited are either on server
side or client side whereas the level of interaction
determine whether the honeypots are real or
emulated. Real honeypots provide the real
environment in the form of real services and real
Operating system to the attackers so that these real
services will get exploited whereas in case of
emulated kind of honeypots, there is no real
environment, only fake services and fake applications
will be visible to the attackers. The real honeypots
are called high interaction honeypot and the emulated
honeypots are low interaction honeypots. A hybrid
honeypots is basically combines the functionalities of
both categories of honeypots which provide both real
and emulated honeypots.
Server Side Honeypots: This category of Honeypots
able to detect and study the attacks occurred on
network services. They expose the opened ports and
services or the whole applications to the attackers and
they listen passively for any incoming connections,
established by the remote user or attackers. Those
remote users are likely malicious in nature as the sole
purpose of honeypots is to collect the attacks data,
hence there is not any kind of production values
associated with the honeypots. Server side honeypots
are also known as passive class of honeypots as they
wait passively for attacks.
Client Side Honeypots: These categories of
honeypots are able to detect the attacks on client side
applications such as browsers, plug-ins. These client
applications are software’s which make the
connections to the remote server. The client
honeypots also known as honeyclient, actively
browse the remote servers and collect the attacks data
associated with those remote server, thereby these are
also known as active honeypots.
If we see the operations and working capabilities
of the server and client honeypots, the client
honeypots are very different than server or passive
honeypots. Client honeypots actively make the
connection to the remote server in order to detect any
kind of malicious behavior of the remote server. The
most popular honeyclients are those detecting attacks
on web browsers and their plug-ins, propagated via
web pages. Some also have the capability to look at
various forms of attachments, and they have been
attempts to create instant message honeypots as well.
1.1 Drive by Download:-
The Drive-by download is class of malware
which download on a user’s computer without his
concern or without his knowledge. In the field of
computer security, drive by download infection is
usually triggered when the user visits the potential
malicious weblink and the attack has occurred by
exploiting the browser’s vulnerability. The binary file
which is downloaded on a user’s computer is usually
a program which is malicious in nature and which
installs itself on the user’s computer. In this research
thesis, we discuss the problem of drive-by download
class of malwares and possible detection mechanism
of them through high throughput client honeypot.
Here in this thesis, we also discuss the
difficulties of detection of drive-by download
malware samples and propose the solution which
could solve the purpose of drive by download kind of
malware collection. If we look at the historical cases
of drive by download infection, many cases of
infections have been observed in the first half of 2008
[5]. In each infection of these attacks, the websites
have been used in order to distribute and spread the
malware, and many numbers of computers have been
infected when the users are simply browsing the
internet with the help of normal browser applications.
Infection of Drive-by download class of malware is
very complex since there is no single and concrete
mechanism to detect these kinds of attacks.
In order to infect the user’s computer, the
attacker’s turns to target the upper layers of the OSI
stack to drop the malwares such as the exposed web
services are increasing the targeted medium by the
attackers to propagate the attacks [6, 7]. As stated in
the above paragraphs, the attacks know as “Drive-by-
Download” target the web applications to make the
exploits and to drop the malwares into user’s
computer. They make the attacks by exploiting the
browser vulnerability for insertion of the malicious
program into the user’s machine without the user’s
4. Mandeep Sidhu Int. Journal of Engineering Research and Applications www.ijera.com
ISSN : 2248-9622, Vol. 5, Issue 4, ( Part -5) April 2015, pp.86-93
www.ijera.com 89 | P a g e
consent or notice, when the client interacts with the
server to retrieve an infected web page.
The infection process by actively browsing the
remote server by the users is depicted in the figure 3
and figure 4. On the user’s computer, a browser
initiate the request to the remote web server (step-1)
and the in response the server dropped the malicious
code into the user’s computer (step-2) by exploiting
the browser’s vulnerability. The vulnerabilities on the
client side are targeted by the Drive-by-Download
class of attacks by sending the exploits in response to
the request generated by the client’s machine. Within
the client side browser’s applications, there is a
vulnerability associated with the browser itself.
There can also be other installed software programs
on the client machine which can be targeted by the
drive by download class of malwares such as shared
libraries and plug-ins, active X components etc.
1.4.1 Phases of Drive-by-Download Attacks [8]: The
infection and attack propagation mechanism of
Drive-by-Download include the various steps. Firstly
the attacker makes the legitimate websites as
malicious by injecting some kind malicious code into
it. When the normal user browses the weblink
through the application browser, it injects this
malicious program into user’s machine by exploiting
the browser side vulnerabilities which is also known
as client side vulnerabilities.
Figure 1.3 Step-1 of Client side attack
The attack cycle incorporating the various steps:-
1) The legitimate web servers are targeted by the
attackers to insert the scripts in the web
applications. Those inserted scripts are the
malicious which will execute when any user will
browse the web application.
2) The user visits the compromised weblink which
become victim of the attacker.
Figure 1.4 Step-2 of Client side attack
3) The web server on which the user have been
visited, send the response along with the
malicious script which he had inserted into the
weblink. The malicious injected script is either in
the form of exploits or it can be a script that
imports another code form central server.
Figure 1.5 Drive-by-Download Infection steps
4) Hop count is the redirections made from one web
server to another which also plays the source of
infection.
5) The central exploit server has been reached after
multiple redirections so called hop count.
6) The exploit scripts have been loaded into the
user’s machine by the central server.
7) By exploiting the browser’s vulnerabilities, the
remote attackers take the full control of the
victim’s system.
5. Mandeep Sidhu Int. Journal of Engineering Research and Applications www.ijera.com
ISSN : 2248-9622, Vol. 5, Issue 4, ( Part -5) April 2015, pp.86-93
www.ijera.com 90 | P a g e
8) The exploits which is occurred on the victim
machine take the browser to visit the malware
distribution sites. This is actually the phase of
starting the drive-by-download attacks.
9) The PE executables files are downloaded.
10) The victim or user’s machine automatically
executes the malicious code after the malware
download.
II. IMPLEMENTATIONS
2.1 Methodology:- The purposed work
completes through the following steps in order to
analyze the network attacks.
System development and creation of
environment for logging the file system
activities.
Virtual machine development for browsing of
websites
Network settings and creation of control
network.
Establish and configure the guest client honeypot
machine.
Website submission for visitation.
Design of data base tables.
Development and integration of monitoring
modules
Integration of signature based detection tools
Development of automatic report generation
code
Analysis and report generations
2.2 System Design:
Here we discuss and present the complete system
design of the implemented system. As shown in the
below architecture and system design, the major
modules of the system are presented.
Figure 2.1 Automated System Design for Drive by
Download Malware Collection
Modules of the System:
1. Weblink inserter: - This module inserts the URL
or list of URL into database from where they can
be taken for further analysis and browsing
purpose. The code is written in perl language
which picks the URL one by one from the pool
and inserts them into Mysql database.
2. Database: - For the purpose of logging the URLs
and their analytical results, the MySQL database
is designed. The historical logs of the collected
data set can be seen by applying the queries to
the database.
3. Queuer: - This is third module in the
implemented system, the main purpose of it
basically making the URLs into queue for the
execution.
4. Window XP based Visitor: - This is real
environment in which we actually browse the
web link. The web links are visited in a
sequential or random manner. When there is
multiple list of URLs to be visited into a
database, they are pulled one by one and browse.
At the same point of time, a single web link or
multiple weblinks can be visited. The key
features of the module are:
a. Virtual Machines based execution
b. Browsers and plug-ins
c. Applications
d. Network Traffic Monitoring
5. Malware Categorization: - In the malware
categorization, the collected malware samples
which are dropped into user’s machine are
submitted to the popular anti-virus scanner
through a popular web service
www.virustotal.com [9]. The result of this
module is labeled malwares class such as Trojan
downloader, worm etc.
2.2.1 Major Components of the system
Visitor (Controlled environment for URL
browsing):- This is a controlled environment for
the execution of malicious URLs by using the
Virtual machines. Here we use the technology so
called virtual machines through which we can
use the resources of the single base machine and
which helps in creation of multiple operating
systems. This basically reduces the cost of the
hardware requirement because we can create
multiple resources on a single base machine.
Here we had created the Window XP service
pack 2 virtual machine for the execution of the
malicious URLs.
Window XP based Visitor
Here in the module, the malicious domains are
executed through the window XP machine using the
internet explorer. Following major monitoring
modules are being used to monitor the network level
activities.
Network Monitoring from windows virtual
machine to the internet
Standard Data capturing tools – TCPDUMP
6. Mandeep Sidhu Int. Journal of Engineering Research and Applications www.ijera.com
ISSN : 2248-9622, Vol. 5, Issue 4, ( Part -5) April 2015, pp.86-93
www.ijera.com 91 | P a g e
Network Traffic Monitoring and logging of
data.
Network dumps in the form of PCAP data are
being generated corresponding to each URL
which is later being processed with data
processing engine to extract the malwares
dropped on a victim machine.
2.3 Algorithm and Flowchart
Figure 2.2 Flowchart
2.4 Report Generation and Data Processing
Engine
In this module, we process the network logs
collected during the active browsing of the URLs to
generate the report of attacks like attack distributions,
port-wise distributions, bar charts, pie-charts of
attacks etc. The processed data is also saved into
MySQL database for further future purposes. The
flow diagram of the report generation module is
depicted in the figure 2.3. The network logs collected
are processed through IDS engine to generate the log
file of attack data. Then these alert files are again
processed through report generation engine which
uses the open source libraries to produce the
graphical reports of the attacks.
Figure 2.3 Report generation engine
Some collected DBD Malware samples:
weblink DBD malware MD5 VT
detecti
on
http://x.x.x./yy-
movie0085.html
c54afad405cd87fc1b6d2dcc2
2d1d53a
44/46
http://xxx/yy.html c54afad405cd87fc1b6d2dcc2
2d1d53a
44/46
http://xxx/yy1.html c54afad405cd87fc1b6d2dcc2
2d1d53a
44/46
Table 1: URL and MD5 malware collections
Report Generation and Distribution of Attacks:
Figure 4.15 represents the distribution of attacks after
the processing of network logs during the actively
browsing of URLs in our system. The hourly
distribution of attacks is depicted in the below figure.
7. Mandeep Sidhu Int. Journal of Engineering Research and Applications www.ijera.com
ISSN : 2248-9622, Vol. 5, Issue 4, ( Part -5) April 2015, pp.86-93
www.ijera.com 92 | P a g e
Figure 2.4: Hourly distribution of attacks.
III. Conclusion
In this paper, we present the developed system is
able to collect the infections known as drive by
download malwares which are dropped on the user’s
machine without his knowledge or concern.
With the implemented research work we have
tried to present our efforts to defend the regular rising
of client side attacks on the internet. At the same
time, we also observed the affect of drive by
download malware which may affect the normal
user’s machine and can steal important information
from his computer such as credit cards information,
passwords etc. First of all, we showed the
significance and need to defend against the client side
malwares which are spreading on the internet and
they are increasing in exponential manner. These
client side malware exploit the client side
vulnerabilities such as browsers, installed client side
applications, plug-ins etc. Thereafter, we introduced
the reader to various classes of malware to get the
internals about the malicious softwares. Then we
introduced the concept of honeypot technology and
importance of honeypots in terms of network
security. The most of network security devices such
as firewalls, IDS etc are working the principle of
signature based detection which is so called reactive
model of network security, in compare to those
honeypots work on the principle of proactive kind of
network security.
As the next step, we presented some existing
solutions in the form of client honeypots which are
useful for detection of malicious websites and
malwares spreading by actively browsing these
potential websites. Then based in the drawback in
current solutions of the client honeypot, we
introduced our solution - the Drive by download
malware collection through client honeypots - and
explained its implementation and modules of
working. We presented the detailed system design
which is mixture of network traffic analysis and some
scope of current existing solutions. In our system
design, one block is for actively browsing the
weblinks and monitoring the complete network
traffic. Another block is extraction of PE executables
from the collected network traffic and then last block
is categorization of malwares through virus scanner
with virustotal.com.
In the final, we tested the execution of potential
malicious weblinks and seen whether our system is
able to collect the malwares. We learned some good
lessons and also found some interesting results during
the malware collection. We also cross checked the
system by applying the manual analysis of network
with deep packet inspection and we found that our
system is able to collect the drive by download
malware samples.
In the end, we conclude here that researchers
need to concentrate more on client side attacks to
protect the end users. There is increase rise in botnet
attacks which use the malicious weblinks to
propagate. In our current research work, the
functionality of crawler is missing which we would
like to propose by integrating any generic crawler.
Also our execution environment is limited in the
form of window XP service pack 2, whereas the
functionality of the most advance malwares majorly
relying on the kind of executions environment they
will get. If they do not get the correct environment,
the malware do not behave accordingly. Therefore,
we also would like to propose more profiles for
execution of potential weblinks which is a resources
intensive and computing problem. In the next, we
also propose that any researchers may apply the
automated signature generation mechanism through
inspection and exploring the semantic behavior of the
collected malware samples which is also lacking in
the current scope of research. Once all the research
capabilities are added in the current research, then it
might greatly lead to the maturity and significant
improvement to defend the client side attacks.
ACKNOWLEDGEMENTS
I would like to acknowledge Assistant Professor,
Rajneesh Narula for her support and guidance in
writing this research paper
References
[1] Ren Liu. China virus status & Internet
Security Report in 2006.2007-02-
01.http://www.donews.com/Content/200702
/eda7daf7970448608b2881d97c9a1868.sht
m.
[2] Spitzner, L. (2002). Honeypots: Tracking
Hackers.US: Addison Wesley. pp 1-430.
[3] Spitzner, L. (2002). Honeypots: Tracking
Hackers.US: Addison Wesley. pp 1-430.
[4] Proactive Detection of Security Incidents
Honeypots, 2012-11-20
8. Mandeep Sidhu Int. Journal of Engineering Research and Applications www.ijera.com
ISSN : 2248-9622, Vol. 5, Issue 4, ( Part -5) April 2015, pp.86-93
www.ijera.com 93 | P a g e
[5] R. Naraine. Internet explorer feature
causing drive by malware attacks.
http://blogs.zdnet.com/security/?p=1361
[6] J.R. Greene, The encyclopedia of Police
Science, 3rd ed.,vol. A-I, Taylor & Francis
Group, New York, 2007
[7] Organization for Economic Cooperation and
Development, "Malicious software
(Malware): A security threat to the internet
economy", OCED Ministerial Meeting,
Seoul, Korea, 2008. [Online].Available:
http://www.oecd.org/dataoecd/53/34/407244
57.pdf
[8] Paul Baecher, Thorsten Holz, Markus
Koetter, and Georg Wicherski. Know your
enemy: Tracking botnets. The Honeynet
Project, 2005.
[9] . www.visustotal.com