Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities Y.-M. Wang, D. Beck, X. Jiang in Proceedings of.

Published byBlake Nelson Modified over 9 years ago

Similar presentations

Presentation on theme: "Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities Y.-M. Wang, D. Beck, X. Jiang in Proceedings of."— Presentation transcript:

1 Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities Y.-M. Wang, D. Beck, X. Jiang in Proceedings of the 13th Annual Network and Distributed Systems Security Symposium (NDSS 2006), The Internet Society, 2006. Presenter: Sangyup Lee

2 Summary Introduces the concept of Automated Web Patrol  Basic aim is at protecting Internet users Design and Implementation of the system Effectiveness of the system is demonstrated through a series of experiments

3 What is the Strider HoneyMonkey Exploit Detection System? A pipeline of VM-based honeypots that run monkey programs which patrols the web automatically in an attempt to mimic human web browsing.  Honeypot A trap to catch malice Records attacker’s information

4 What is the Strider HoneyMonkey Exploit Detection System? (contd.)  Pipeline Consists of 3 stages Stage 1: Exploit Site Detection on un-patched VMs Stage 2: Recursive Redirection Analysis on un-patched VMs Stage 3: Recursive Redirection Analysis with partially and fully patched VMs Exploit detection by detecting persistent-state changes

5 Appreciative Comment A good way of approaching the solution to the growing problem of browser-based attacks  Concept of prevention  Possible developments in future

6 Critical Comments #1 Only one type of web browser used in the experiments – Internet Explorer 6.0  Should have taken into account other popular browsers such as Firefox

7 Critical Comments #2 “…to seek out and classify web sites that exploit browser vulnerabilities.” Ambiguous use of different Windows XP Service Pack versions on the tested machines.  Is it the OS or the browser that’s vulnerable?  Other factors that might affect the vulnerability? Number of Exploit-URLsNumber of Exploit Sites SP1 Unpatched (SP2-UP)688268 SP2 Unpatched (SP2-UP)204115

8 Further Analysis “if I never visit those risky web sites that serve dangerous or questionable content, do I have to worry about vulnerability exploits?” Suspicious ListPopular List # URLs scanned16,1901,000,000 # Exploit URLs206 (1.28%)710 (0.071%) “They don’t buy it because the danger is small and because security is a pain.” – B. Lampson

9 Discussion Can you think of any other factors that might affect the vulnerability of your machine against browser-based attacks?

Download ppt "Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities Y.-M. Wang, D. Beck, X. Jiang in Proceedings of."

Similar presentations

Keep Your PC Safe (Windows 7, Vista or XP) Nora Lucke 02/05/2012 Documents - security.

Keep Your PC Safe (Windows 7, Vista or XP) Nora Lucke 02/05/2012 Documents - security.
Blocking Technologies Teach In Dave Harcourt 14 th April 2011.

Blocking Technologies Teach In Dave Harcourt 14 th April 2011.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
Automated Web Patrol with Strider Honey Monkeys: Finding Web Sites That Exploit Browser Vulnerabilities AUTHORS: Yi-Min Wang, Doug Beck, Xuxian Jiang,

Automated Web Patrol with Strider Honey Monkeys: Finding Web Sites That Exploit Browser Vulnerabilities AUTHORS: Yi-Min Wang, Doug Beck, Xuxian Jiang,
All Your Browser-saved Passwords Could Belong to Us - A Security Analysis and a Cloud-based New Design By Rui Zhao, Chuan Yue ACM Conference on Data and.

All Your Browser-saved Passwords Could Belong to Us - A Security Analysis and a Cloud-based New Design By Rui Zhao, Chuan Yue ACM Conference on Data and.
Threat Overview: The Italian Job / HTML_IFRAME.CU June 18, 2007.

Threat Overview: The Italian Job / HTML_IFRAME.CU June 18, 2007.
Health Alert Network Vulnerability Assessment Protect against: Compromised information Lost productivity.

Health Alert Network Vulnerability Assessment Protect against: Compromised information Lost productivity.
OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program or 415.514-3333 UCSF Campus VPN.

OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program or UCSF Campus VPN.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Nozzle: A Defense Against Heap-spraying Code Injection Attacks Paruj Ratanaworabhan, Cornell University Ben Livshits and Ben Zorn, Microsoft Research (Redmond,

Nozzle: A Defense Against Heap-spraying Code Injection Attacks Paruj Ratanaworabhan, Cornell University Ben Livshits and Ben Zorn, Microsoft Research (Redmond,
Automated Web Patrol with Strider Honey Monkeys Y.Wang, D.Beck, S.Chen, S.King, X.Jiang, R.Roussev, C.Verbowski Microsoft Research, Redmond Justin Miller.

Automated Web Patrol with Strider Honey Monkeys Y.Wang, D.Beck, S.Chen, S.King, X.Jiang, R.Roussev, C.Verbowski Microsoft Research, Redmond Justin Miller.
How to Protect Your PC Grayware Adware, Malware, Spyware.

How to Protect Your PC Grayware Adware, Malware, Spyware.
Survey of Distributed Denial of Service Attacks and Popular Countermeasures Andrew Knotts, Kent State University Referenced from: Charalampos Patrikakis,Michalis.

Survey of Distributed Denial of Service Attacks and Popular Countermeasures Andrew Knotts, Kent State University Referenced from: Charalampos Patrikakis,Michalis.
Automated Web Patrol with Strider HoneyMonkeys Present by Zhichun Li.

Automated Web Patrol with Strider HoneyMonkeys Present by Zhichun Li.
Process Coloring: an Information Flow-Preserving Approach to Malware Investigation Eugene Spafford, Dongyan Xu Department of Computer Science and Center.

Process Coloring: an Information Flow-Preserving Approach to Malware Investigation Eugene Spafford, Dongyan Xu Department of Computer Science and Center.
Introducing Quick Heal Endpoint Security 5.3. “Quick Heal Endpoint Security 5.3 is designed to provide simple, intuitive centralized management and control.

Introducing Quick Heal Endpoint Security 5.3. “Quick Heal Endpoint Security 5.3 is designed to provide simple, intuitive centralized management and control.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
GET CONTROL! Avoid The Headache… Five Simple Steps to a Safer Computer – NUIT Tech Talk.

GET CONTROL! Avoid The Headache… Five Simple Steps to a Safer Computer – NUIT Tech Talk.

Similar presentations

Ads by Google