monkey spider
play

Monkey-Spider Detection of Malicious Web Sites Final presentation - PowerPoint PPT Presentation

Aug 03, 2023 •341 likes •665 views

Monkey-Spider Detection of Malicious Web Sites Final presentation of the diploma thesis Ali Ikinci ali[at]ikinci.info 9. July 2007 Head of Department: Prof. Dr. Felix Freiling Supervisor: Dipl.-Inform. Thorsten Holz Laboratory for Dependable

  1. Monkey-Spider Detection of Malicious Web Sites Final presentation of the diploma thesis Ali Ikinci ali[at]ikinci.info 9. July 2007 Head of Department: Prof. Dr. Felix Freiling Supervisor: Dipl.-Inform. Thorsten Holz Laboratory for Dependable Distributed Systems UNIVERSITY OF MANNHEIM UNIVERSITY OF MANNHEIM

  2. Outline  Problem and challenge  Simplified architecture  Requirements analysis  Honeypots vs. honeyclients  Monkey-Spider architecture  Limitations  Preliminary results  Key Findings

  3. Problem  Client side attacks are on the rise  Many abuses of the Internet [1][2][3]  No comprehensive and free database of threats on the Internet  HoneyMonkey [4]  SiteAdvisor [5] The Monkey-Spider 3

  4. A sample SiteAdvisor site report The Monkey-Spider 4

  5. Challenge  Find actual threats and zero-day exploits on the Internet  Collect malicious code  Allow various infection vectors  Build a database with detailed relevant information about threats  Continuous monitoring of suspicious resources The Monkey-Spider 5

  6. Simplified Architecture of the Monkey-Spider system Internet Scanner Crawler DB The Monkey-Spider 6

  7. Requirements Analysis  Performance  Modularity and Expandability  Multithreaded modules  Parallel operation  Scalability  Usability The Monkey-Spider 7

  8. Requirements Analysis  Crawler part:  Crawling policies  Link extraction  URL normalization  Efficient storage The Monkey-Spider 8

  9. Requirements Analysis  Malware scanner:  Multiple malware scanners  Support for automated dynamic malware analysis tools  Expandability  Database  Store relevant information  Bunch of standard querys The Monkey-Spider 9

  10. Solution Ideas  Do not reeinvent the wheel  Use existing Free Software  Use existing honeypot technologies  Use extensive prototyping The Monkey-Spider 10

  11. Honeypots Honeypots are dedicated deception devices  Two types:   server honeypots or honeypots and  client honeypots or honeyclients Both can be classified as:   low-interaction honeypots or  high-interaction honeypots Similar Web maliciousness detection systems operate either  as low- or high-interaction honeyclients The Monkey-Spider system operates as a crawler based low-  interaction honeyclient The Monkey-Spider 11

  12. Honeypot vs. Honeyclient The Monkey-Spider 12

  13. Monkey-Spider: Architecture The Monkey-Spider 13

  14. Monkey-Spider: Queue Generation  Provide starting point(s) (seeds) utilizing different approches:  Web search seeders (Google, MSN and Yahoo)  (Spam) mail seeder  Hosts file seeder  Monitoring seeder The Monkey-Spider 14

  15. Heritrix WebCrawler [6] Built for the Internet Archive  Free Software  Recursive, scalable and multithreaded crawling  Thouroughly tested  Continously extended  Many parameters  Controled with   Web interface  Java Management Extensions (JMX) Generates ARC-files as output  The Monkey-Spider 15

  16. The Heritrix Web Interface The Monkey-Spider 16

  17. ARC File-Format  Designed by the Internet Archive  Large aggregate files for ease of storage  Features: Sample:  self-contained http://www.dryswamp.edu:80/index.html\ 127.10.100.2 19961104142103 text/html 202  multi-protocol able HTTP/1.0 200 Document follows Date: Mon, 04 Nov 1996 14:21:06 GMT  streamable Server: NCSA/1.4.1 Content-type: text/html Last-modified:\ Sat,10 Aug 1996 22:33:11 GMT  viable Content-length: 30 <HTML> Hello World!!! </HTML> The Monkey-Spider 17

  18. Malware Scanner  ARC-Files are unpacked and examined  MW-Scanners are executed on crawled content  Found Malware is stored  Information regarding the malware is stored into database The Monkey-Spider 18

  19. The Monkey-Spider Web interface  Controles the whole system  Modules are seperately manageable  Standard querys are provided  Job based  Authentification The Monkey-Spider 19

  20. The Seed generation page The Monkey-Spider 20

  21. Limitations Analysis is limited to the publicly indexable web [7]  Only known malware is recognized and stored   Will be enhanced with CWSandbox Drive-by download sites, heavily obfuscated JavaScript  code and zero-day exploits are not recognized Full scan of the Web is not possible with Heritrix yet  Two seperate jobs are not aware of examining the same  sites and contents The Monkey-Spider 21

  22. Preliminary Results  We have done various crawls over two months  We crawled for various topics and did a hosts file based crawl  defective crawl settings caused incomplete preliminary results The Monkey-Spider 22

  23. MIME-type distribution of crawled content The Monkey-Spider 23

  24. Topic based maliciousness topic maliciousness in % pirate 2.6 wallpaper 2.5 hosts file 1.7 games 0.3 celebrity 0.3 adult 0.1 total 1 The Monkey-Spider 24

  25. Top 10 malware sites domain occurence desktopwallpaperfree.com 487 waterfallscenes.com 92 91 pro.webmaster.free.fr astalavista.com 15 bunnezone.com 14 oss.sgi.com* 12 ppd-files.download.com 12 888casino.com 11 888.com 11 bigbenbingo.com 10 * non malicious Web site The Monkey-Spider 25 (false positive)

  26. Top-10 malware types name occurence HTML.MediaTickets.A 487 Trojan.Aavirus-1 92 Trojan.JS.RJump 91 Adware.Casino-3 22 Adware.Trymedia-2 12 Adware.Casino 10 Worm.Mytob.FN 9 Dialer-715 8 7 Adware.Casino-5 Trojan.Hotkey 6 The Monkey-Spider 26

  27. Key Findings  1% of all examined Web sites are malicious  adult Web sites are relative harmless  most malware is spread through pirate and wallpaper propagation Web sites  to gather representative results a Web site has to be completely crawled and analysed  the scope of the crawl has to be choosen carefully  We know very little about malicious Web sites and their operators The Monkey-Spider 27

  28. Performance  We measured the performance of our crawls on a standard PC  Crawl performance of 1 MB/sec  Malware analysis (without the crawling) in 0.05 seconds per downloaded content and 2.35 seconds per downloaded and compressed MB  Resulting in about 3.35 seconds per analysed MB of content  In comparison: other low-interaction honeyclient based Web analysers require a minimum of 3 seconds per Web site The Monkey-Spider 28

  29. Future Trends  Attacks are concentrated more and more from the server to the client  Client programs other than the Web client are targeted more often, like Media Players, Flash and PDF interpreters  Advanced honeypot, virtual machine and anti- virus program detection techniques contained in malware complicates the detection of such The Monkey-Spider 29

  30. Live - Demo  Live demonstration of the current state of Monkey-Spider The Monkey-Spider 30

  31. Questions ? Thank you for your attention! The Monkey-Spider 31

  32. References [1] Anti-Phishing Working Group (APWG) „Phishing Activity Trends Report, Combined Report for September and October“ 2006 http://www.antiphishing.org [2] Thorsten Holz, „A Short Visit to the Bot Zoo“, IEEE Security & Privacy , 2005, volume 3, number 3, pages 76-79 [3] S. Saroiu, S. D. Gribble, and H. M. Levy „Measurement and Analysis of Spyware in a University Environment“ USENIX Proceedings of the 1st Symposium on Networked Systems Design and Implementation (NSDI), San Francisco, CA, March 2004 [4] The Strider HoneyMonkey Project http://research.microsoft.com/HoneyMonkey/ [5] McAfee SiteAdvisor http://www.siteadvisor.com/ [6] Heritrix the Internet Archive's WebCrawler http://crawler.archive.org/ [7] Lawrence, S. and Giles, C. L. 2000. Accessibility of information on the Web. Intelligence 11, 1 (Apr. 2000), 32-39. The Monkey-Spider 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Get the (Spider)monkey off your back Exploiting Firefox through the Javascript engine by eboda

Get the (Spider)monkey off your back Exploiting Firefox through the Javascript engine by eboda

Get the (Spider)monkey off your back Exploiting Firefox through the Javascript engine by eboda and bkth from phoenhex Who are we? Security enthusiasts who dabble in vulnerability research on their free time as part of phoenhex. Member of CTF

1.02k views • 56 slides
How to estimate a density on a spider web ? Dominique Picard How to estimate a density on a

How to estimate a density on a spider web ? Dominique Picard How to estimate a density on a

How to estimate a density on a spider web ? How to estimate a density on a spider web ? Dominique Picard How to estimate a density on a spider web ? 2020 1 / 37 Spider web from exhibition On Air Tomas Saraceno spider web spider web Spider

753 views • 40 slides
Homo erectus Neanderthals monkey see, monkey (mostly cannot) do Social learning

Homo erectus Neanderthals monkey see, monkey (mostly cannot) do Social learning

Homo erectus Neanderthals monkey see, monkey (mostly cannot) do Social learning cumulative cultural evolution The Descent of the Homo lineage from 2 MYA Human capacity for culture evolved about here The Worlds 7000 -8000

412 views • 27 slides
SPIDER VEINS What are Spider veins? are small dilated blood vessels near the surface of the

SPIDER VEINS What are Spider veins? are small dilated blood vessels near the surface of the

SPIDER VEINS What are Spider veins? are small dilated blood vessels near the surface of the skin characterized as purple, blue or red lines are similar to varicose veins but are much thinner in diameter and not palpable permanent

168 views • 15 slides
By Laura and Holly Spider Diagram of Spider Diagram of Classical Books Classical Books

By Laura and Holly Spider Diagram of Spider Diagram of Classical Books Classical Books

By Laura and Holly Spider Diagram of Spider Diagram of Classical Books Classical Books Victorian 1900s Time Poor Classical Books Setting Characters Orphans Streets Posh To op p 3 3 C Cl la as ss si ic ca al l B Bo oo

600 views • 8 slides
A Class y Spider W E B SC R AP IN G IN P YTH ON Thomas Laetsch Data Scientist , NYU Yo u r

A Class y Spider W E B SC R AP IN G IN P YTH ON Thomas Laetsch Data Scientist , NYU Yo u r

A Class y Spider W E B SC R AP IN G IN P YTH ON Thomas Laetsch Data Scientist , NYU Yo u r Spider import scrapy from scrapy.crawler import CrawlerProcess class SpiderClassName(scrapy.Spider): name = &quot;spider_name&quot; # the code for

454 views • 28 slides
Biomimetics and biomaterials Presentation on Spider Silk, Spring 2015 Facts about spiders There

Biomimetics and biomaterials Presentation on Spider Silk, Spring 2015 Facts about spiders There

Biomedicine, bioengineering or Biomimetics and biomaterials Presentation on Spider Silk, Spring 2015 Facts about spiders There are more than 150,000 different species of spider about 35,000 are identified. Elsewhere I read that as of 2008

1.25k views • 75 slides
Neural Monkey Du san Vari s Institute of Formal and Applied Linguistics Faculty of

Neural Monkey Du san Vari s Institute of Formal and Applied Linguistics Faculty of

Neural Monkey Du san Vari s Institute of Formal and Applied Linguistics Faculty of Mathematics and Physics Charles University September 4, 2018 Neural Monkey Toolkit for training neural models for sequence-to-sequence tasks

257 views • 21 slides
Surfing the Infinite Monkey Theorem for Fun and Profit Dr. Jim Webber Chief Scientist Overview

Surfing the Infinite Monkey Theorem for Fun and Profit Dr. Jim Webber Chief Scientist Overview

Surfing the Infinite Monkey Theorem for Fun and Profit Dr. Jim Webber Chief Scientist Overview The Infinite Monkey Theorem Neo4j and graph data Evolutionary, inclusive architecture Science! Revenge of the monkeys End OK,

376 views • 34 slides
Orange Empire Signal Garden Lessons Learned OR Remove spider * before servicing main board. *

Orange Empire Signal Garden Lessons Learned OR Remove spider * before servicing main board. *

Orange Empire Signal Garden Lessons Learned OR Remove spider * before servicing main board. * For those of you who's first language is not English spider is a bug + not a computer term.. + Bug denotes an animal again not a

1.25k views • 103 slides
HelenOS in the Year HelenOS in the Year of the Fire Monkey of the Fire Monkey

HelenOS in the Year HelenOS in the Year of the Fire Monkey of the Fire Monkey

HelenOS in the Year HelenOS in the Year of the Fire Monkey of the Fire Monkey http://www.helenos.org/ http://d3s.mff.cuni.cz Jakub Jerm jakub@jermar.eu Martjn Dck decky@d3s.mff.cuni.cz HelenOS in a Nutshell HelenOS in a Nutshell

788 views • 32 slides
S P I D E R J o a c h I m F r a n k SPIDER is a command-driven application written

S P I D E R J o a c h I m F r a n k SPIDER is a command-driven application written

S P I D E R J o a c h I m F r a n k SPIDER is a command-driven application written predominantly in FORTRAN 90. Available for Linux, Irix, and AIX. More than 80 suites of operations (with a total of more than 450 operations)

168 views • 14 slides
TechSEO360 SEO Spider Software for Windows and Mac. Complete technical SEO and sitemaps

TechSEO360 SEO Spider Software for Windows and Mac. Complete technical SEO and sitemaps

TechSEO360 SEO Spider Software for Windows and Mac. Complete technical SEO and sitemaps tool. Flexible crawler and filtering of collected data. Can crawl and handle very large websites. History TechSEO360 merges features from A1

852 views • 33 slides
Character Analysis: Monkey King Ryan C 4/8/2020 English 10 He wants to be god He is

Character Analysis: Monkey King Ryan C 4/8/2020 English 10 He wants to be god He is

Character Analysis: Monkey King Ryan C 4/8/2020 English 10 He wants to be god He is ambitious Character He is determined Background Include picture Internals Mental: stubborn Spiritual: superior to others Emotional:

572 views • 7 slides
Olfactory sensitivity of spider monkeys ( Ateles geoffroyi ) for six structurally related aromatic

Olfactory sensitivity of spider monkeys ( Ateles geoffroyi ) for six structurally related aromatic

Department of Physics, Chemistry and Biology Master Thesis Olfactory sensitivity of spider monkeys ( Ateles geoffroyi ) for six structurally related aromatic aldehydes Luna Kjeldmand LiTH-IFM- Ex--xxxx--SE Supervisor: Matthias Laska,

511 views • 22 slides
Studying biology, Chemistry, Maths and Physics T. urticae also known as the spider mite is a

Studying biology, Chemistry, Maths and Physics T. urticae also known as the spider mite is a

The Arthur Terry School A- Level Student Studying biology, Chemistry, Maths and Physics T. urticae also known as the spider mite is a common pest that feeds on crops. It feeds by sucking cell contents from the cells and

280 views • 14 slides
Attack on Sony 2014 Sammy Lui 1 In Index Overview Timeline Tools Wiper

Attack on Sony 2014 Sammy Lui 1 In Index Overview Timeline Tools Wiper

Attack on Sony 2014 Sammy Lui 1 In Index Overview Timeline Tools Wiper Malware Implications Need for physical security Employees Accomplices? Dangers of Cyberterrorism Danger to Other

352 views • 23 slides
Security Awareness Office of Informa(on Technology Informa5on

Security Awareness Office of Informa(on Technology Informa5on

Security Awareness Office of Informa(on Technology Informa5on Security Department 2011-2012 Top Security Issues BE CYBER SAFE 1 Security Awareness Top

383 views • 13 slides
INFORMATION SECURITY AWARENESS Information Security Education &amp; Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education &amp; Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education &amp; Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Free No : 1 1800 0 425 6 6235 Toll F

264 views • 24 slides
CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

3/29/2012 CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College of India I N T R O D U C T I O N What is Cyber-safety Consequences Threats of Inaction Cyber-safety? Cyber-safety Cyber-safety at

215 views • 7 slides
SCAMS &amp; OLDER PEOPLE (Internet and email scams) If someone youve never met before asks

SCAMS &amp; OLDER PEOPLE (Internet and email scams) If someone youve never met before asks

SCAMS &amp; OLDER PEOPLE (Internet and email scams) If someone youve never met before asks you for money, that should be a red flag. Frances Wilson, National Trading Standards Scams Team WHAT IS IS A SCAM? Scams are crimes where the

241 views • 9 slides
Machine Learning for Malware Analysis Mike Slawinski Data Scientist Introduction - What is

Machine Learning for Malware Analysis Mike Slawinski Data Scientist Introduction - What is

Machine Learning for Malware Analysis Mike Slawinski Data Scientist Introduction - What is Malware? - Software intended to cause harm or inflict damage on computer systems - Many different kinds: - Adware/Spyware - Backdoors - Viruses

383 views • 26 slides
The Onslaught of Cyber Security Threats and What that Means to You No End in Sight for Cyber

The Onslaught of Cyber Security Threats and What that Means to You No End in Sight for Cyber

The Onslaught of Cyber Security Threats and What that Means to You No End in Sight for Cyber Crime Growth Number of mobile 200M devices affected IBM 11.6M Number of accounts hacked CNN Money 432M Number of malware samples collected Intel

652 views • 30 slides
IT Security Training April 21, 2016 Presented by Benjamin Ellis Topics to be Covered What has

IT Security Training April 21, 2016 Presented by Benjamin Ellis Topics to be Covered What has

IT Security Training April 21, 2016 Presented by Benjamin Ellis Topics to be Covered What has changed to make IT security harder? What are the common areas your business is being attacked? What can you do about those areas? What

630 views • 35 slides

More recommend