monkey spider
play

Monkey-Spider Detection of Malicious Web Sites Final presentation - PowerPoint PPT Presentation

Aug 03, 2023 •341 likes •665 views

Monkey-Spider Detection of Malicious Web Sites Final presentation of the diploma thesis Ali Ikinci ali[at]ikinci.info 9. July 2007 Head of Department: Prof. Dr. Felix Freiling Supervisor: Dipl.-Inform. Thorsten Holz Laboratory for Dependable

  1. Monkey-Spider Detection of Malicious Web Sites Final presentation of the diploma thesis Ali Ikinci ali[at]ikinci.info 9. July 2007 Head of Department: Prof. Dr. Felix Freiling Supervisor: Dipl.-Inform. Thorsten Holz Laboratory for Dependable Distributed Systems UNIVERSITY OF MANNHEIM UNIVERSITY OF MANNHEIM

  2. Outline  Problem and challenge  Simplified architecture  Requirements analysis  Honeypots vs. honeyclients  Monkey-Spider architecture  Limitations  Preliminary results  Key Findings

  3. Problem  Client side attacks are on the rise  Many abuses of the Internet [1][2][3]  No comprehensive and free database of threats on the Internet  HoneyMonkey [4]  SiteAdvisor [5] The Monkey-Spider 3

  4. A sample SiteAdvisor site report The Monkey-Spider 4

  5. Challenge  Find actual threats and zero-day exploits on the Internet  Collect malicious code  Allow various infection vectors  Build a database with detailed relevant information about threats  Continuous monitoring of suspicious resources The Monkey-Spider 5

  6. Simplified Architecture of the Monkey-Spider system Internet Scanner Crawler DB The Monkey-Spider 6

  7. Requirements Analysis  Performance  Modularity and Expandability  Multithreaded modules  Parallel operation  Scalability  Usability The Monkey-Spider 7

  8. Requirements Analysis  Crawler part:  Crawling policies  Link extraction  URL normalization  Efficient storage The Monkey-Spider 8

  9. Requirements Analysis  Malware scanner:  Multiple malware scanners  Support for automated dynamic malware analysis tools  Expandability  Database  Store relevant information  Bunch of standard querys The Monkey-Spider 9

  10. Solution Ideas  Do not reeinvent the wheel  Use existing Free Software  Use existing honeypot technologies  Use extensive prototyping The Monkey-Spider 10

  11. Honeypots Honeypots are dedicated deception devices  Two types:   server honeypots or honeypots and  client honeypots or honeyclients Both can be classified as:   low-interaction honeypots or  high-interaction honeypots Similar Web maliciousness detection systems operate either  as low- or high-interaction honeyclients The Monkey-Spider system operates as a crawler based low-  interaction honeyclient The Monkey-Spider 11

  12. Honeypot vs. Honeyclient The Monkey-Spider 12

  13. Monkey-Spider: Architecture The Monkey-Spider 13

  14. Monkey-Spider: Queue Generation  Provide starting point(s) (seeds) utilizing different approches:  Web search seeders (Google, MSN and Yahoo)  (Spam) mail seeder  Hosts file seeder  Monitoring seeder The Monkey-Spider 14

  15. Heritrix WebCrawler [6] Built for the Internet Archive  Free Software  Recursive, scalable and multithreaded crawling  Thouroughly tested  Continously extended  Many parameters  Controled with   Web interface  Java Management Extensions (JMX) Generates ARC-files as output  The Monkey-Spider 15

  16. The Heritrix Web Interface The Monkey-Spider 16

  17. ARC File-Format  Designed by the Internet Archive  Large aggregate files for ease of storage  Features: Sample:  self-contained http://www.dryswamp.edu:80/index.html\ 127.10.100.2 19961104142103 text/html 202  multi-protocol able HTTP/1.0 200 Document follows Date: Mon, 04 Nov 1996 14:21:06 GMT  streamable Server: NCSA/1.4.1 Content-type: text/html Last-modified:\ Sat,10 Aug 1996 22:33:11 GMT  viable Content-length: 30 <HTML> Hello World!!! </HTML> The Monkey-Spider 17

  18. Malware Scanner  ARC-Files are unpacked and examined  MW-Scanners are executed on crawled content  Found Malware is stored  Information regarding the malware is stored into database The Monkey-Spider 18

  19. The Monkey-Spider Web interface  Controles the whole system  Modules are seperately manageable  Standard querys are provided  Job based  Authentification The Monkey-Spider 19

  20. The Seed generation page The Monkey-Spider 20

  21. Limitations Analysis is limited to the publicly indexable web [7]  Only known malware is recognized and stored   Will be enhanced with CWSandbox Drive-by download sites, heavily obfuscated JavaScript  code and zero-day exploits are not recognized Full scan of the Web is not possible with Heritrix yet  Two seperate jobs are not aware of examining the same  sites and contents The Monkey-Spider 21

  22. Preliminary Results  We have done various crawls over two months  We crawled for various topics and did a hosts file based crawl  defective crawl settings caused incomplete preliminary results The Monkey-Spider 22

  23. MIME-type distribution of crawled content The Monkey-Spider 23

  24. Topic based maliciousness topic maliciousness in % pirate 2.6 wallpaper 2.5 hosts file 1.7 games 0.3 celebrity 0.3 adult 0.1 total 1 The Monkey-Spider 24

  25. Top 10 malware sites domain occurence desktopwallpaperfree.com 487 waterfallscenes.com 92 91 pro.webmaster.free.fr astalavista.com 15 bunnezone.com 14 oss.sgi.com* 12 ppd-files.download.com 12 888casino.com 11 888.com 11 bigbenbingo.com 10 * non malicious Web site The Monkey-Spider 25 (false positive)

  26. Top-10 malware types name occurence HTML.MediaTickets.A 487 Trojan.Aavirus-1 92 Trojan.JS.RJump 91 Adware.Casino-3 22 Adware.Trymedia-2 12 Adware.Casino 10 Worm.Mytob.FN 9 Dialer-715 8 7 Adware.Casino-5 Trojan.Hotkey 6 The Monkey-Spider 26

  27. Key Findings  1% of all examined Web sites are malicious  adult Web sites are relative harmless  most malware is spread through pirate and wallpaper propagation Web sites  to gather representative results a Web site has to be completely crawled and analysed  the scope of the crawl has to be choosen carefully  We know very little about malicious Web sites and their operators The Monkey-Spider 27

  28. Performance  We measured the performance of our crawls on a standard PC  Crawl performance of 1 MB/sec  Malware analysis (without the crawling) in 0.05 seconds per downloaded content and 2.35 seconds per downloaded and compressed MB  Resulting in about 3.35 seconds per analysed MB of content  In comparison: other low-interaction honeyclient based Web analysers require a minimum of 3 seconds per Web site The Monkey-Spider 28

  29. Future Trends  Attacks are concentrated more and more from the server to the client  Client programs other than the Web client are targeted more often, like Media Players, Flash and PDF interpreters  Advanced honeypot, virtual machine and anti- virus program detection techniques contained in malware complicates the detection of such The Monkey-Spider 29

  30. Live - Demo  Live demonstration of the current state of Monkey-Spider The Monkey-Spider 30

  31. Questions ? Thank you for your attention! The Monkey-Spider 31

  32. References [1] Anti-Phishing Working Group (APWG) „Phishing Activity Trends Report, Combined Report for September and October“ 2006 http://www.antiphishing.org [2] Thorsten Holz, „A Short Visit to the Bot Zoo“, IEEE Security & Privacy , 2005, volume 3, number 3, pages 76-79 [3] S. Saroiu, S. D. Gribble, and H. M. Levy „Measurement and Analysis of Spyware in a University Environment“ USENIX Proceedings of the 1st Symposium on Networked Systems Design and Implementation (NSDI), San Francisco, CA, March 2004 [4] The Strider HoneyMonkey Project http://research.microsoft.com/HoneyMonkey/ [5] McAfee SiteAdvisor http://www.siteadvisor.com/ [6] Heritrix the Internet Archive's WebCrawler http://crawler.archive.org/ [7] Lawrence, S. and Giles, C. L. 2000. Accessibility of information on the Web. Intelligence 11, 1 (Apr. 2000), 32-39. The Monkey-Spider 32

Recommend

Get the (Spider)monkey off your back Exploiting Firefox through the Javascript engine by eboda

Get the (Spider)monkey off your back Exploiting Firefox through the Javascript engine by eboda

Get the (Spider)monkey off your back Exploiting Firefox through the Javascript engine by eboda and bkth from phoenhex Who are we? Security enthusiasts who dabble in vulnerability research on their free time as part of phoenhex. Member of CTF

1.02k views • 56 slides
How to estimate a density on a spider web ? Dominique Picard How to estimate a density on a

How to estimate a density on a spider web ? Dominique Picard How to estimate a density on a

How to estimate a density on a spider web ? How to estimate a density on a spider web ? Dominique Picard How to estimate a density on a spider web ? 2020 1 / 37 Spider web from exhibition On Air Tomas Saraceno spider web spider web Spider

753 views • 40 slides
Homo erectus Neanderthals monkey see, monkey (mostly cannot) do Social learning

Homo erectus Neanderthals monkey see, monkey (mostly cannot) do Social learning

Homo erectus Neanderthals monkey see, monkey (mostly cannot) do Social learning cumulative cultural evolution The Descent of the Homo lineage from 2 MYA Human capacity for culture evolved about here The Worlds 7000 -8000

412 views • 27 slides
SPIDER VEINS What are Spider veins? are small dilated blood vessels near the surface of the

SPIDER VEINS What are Spider veins? are small dilated blood vessels near the surface of the

SPIDER VEINS What are Spider veins? are small dilated blood vessels near the surface of the skin characterized as purple, blue or red lines are similar to varicose veins but are much thinner in diameter and not palpable permanent

168 views • 15 slides
By Laura and Holly Spider Diagram of Spider Diagram of Classical Books Classical Books

By Laura and Holly Spider Diagram of Spider Diagram of Classical Books Classical Books

By Laura and Holly Spider Diagram of Spider Diagram of Classical Books Classical Books Victorian 1900s Time Poor Classical Books Setting Characters Orphans Streets Posh To op p 3 3 C Cl la as ss si ic ca al l B Bo oo

600 views • 8 slides
A Class y Spider W E B SC R AP IN G IN P YTH ON Thomas Laetsch Data Scientist , NYU Yo u r

A Class y Spider W E B SC R AP IN G IN P YTH ON Thomas Laetsch Data Scientist , NYU Yo u r

A Class y Spider W E B SC R AP IN G IN P YTH ON Thomas Laetsch Data Scientist , NYU Yo u r Spider import scrapy from scrapy.crawler import CrawlerProcess class SpiderClassName(scrapy.Spider): name = &quot;spider_name&quot; # the code for

454 views • 28 slides
Biomimetics and biomaterials Presentation on Spider Silk, Spring 2015 Facts about spiders There

Biomimetics and biomaterials Presentation on Spider Silk, Spring 2015 Facts about spiders There

Biomedicine, bioengineering or Biomimetics and biomaterials Presentation on Spider Silk, Spring 2015 Facts about spiders There are more than 150,000 different species of spider about 35,000 are identified. Elsewhere I read that as of 2008

1.25k views • 75 slides
Neural Monkey Du san Vari s Institute of Formal and Applied Linguistics Faculty of

Neural Monkey Du san Vari s Institute of Formal and Applied Linguistics Faculty of

Neural Monkey Du san Vari s Institute of Formal and Applied Linguistics Faculty of Mathematics and Physics Charles University September 4, 2018 Neural Monkey Toolkit for training neural models for sequence-to-sequence tasks

257 views • 21 slides
Surfing the Infinite Monkey Theorem for Fun and Profit Dr. Jim Webber Chief Scientist Overview

Surfing the Infinite Monkey Theorem for Fun and Profit Dr. Jim Webber Chief Scientist Overview

Surfing the Infinite Monkey Theorem for Fun and Profit Dr. Jim Webber Chief Scientist Overview The Infinite Monkey Theorem Neo4j and graph data Evolutionary, inclusive architecture Science! Revenge of the monkeys End OK,

376 views • 34 slides
Orange Empire Signal Garden Lessons Learned OR Remove spider * before servicing main board. *

Orange Empire Signal Garden Lessons Learned OR Remove spider * before servicing main board. *

Orange Empire Signal Garden Lessons Learned OR Remove spider * before servicing main board. * For those of you who's first language is not English spider is a bug + not a computer term.. + Bug denotes an animal again not a

1.25k views • 103 slides
HelenOS in the Year HelenOS in the Year of the Fire Monkey of the Fire Monkey

HelenOS in the Year HelenOS in the Year of the Fire Monkey of the Fire Monkey

HelenOS in the Year HelenOS in the Year of the Fire Monkey of the Fire Monkey http://www.helenos.org/ http://d3s.mff.cuni.cz Jakub Jerm jakub@jermar.eu Martjn Dck decky@d3s.mff.cuni.cz HelenOS in a Nutshell HelenOS in a Nutshell

788 views • 32 slides
S P I D E R J o a c h I m F r a n k SPIDER is a command-driven application written

S P I D E R J o a c h I m F r a n k SPIDER is a command-driven application written

S P I D E R J o a c h I m F r a n k SPIDER is a command-driven application written predominantly in FORTRAN 90. Available for Linux, Irix, and AIX. More than 80 suites of operations (with a total of more than 450 operations)

168 views • 14 slides
TechSEO360 SEO Spider Software for Windows and Mac. Complete technical SEO and sitemaps

TechSEO360 SEO Spider Software for Windows and Mac. Complete technical SEO and sitemaps

TechSEO360 SEO Spider Software for Windows and Mac. Complete technical SEO and sitemaps tool. Flexible crawler and filtering of collected data. Can crawl and handle very large websites. History TechSEO360 merges features from A1

852 views • 33 slides
Character Analysis: Monkey King Ryan C 4/8/2020 English 10 He wants to be god He is

Character Analysis: Monkey King Ryan C 4/8/2020 English 10 He wants to be god He is

Character Analysis: Monkey King Ryan C 4/8/2020 English 10 He wants to be god He is ambitious Character He is determined Background Include picture Internals Mental: stubborn Spiritual: superior to others Emotional:

572 views • 7 slides
Olfactory sensitivity of spider monkeys ( Ateles geoffroyi ) for six structurally related aromatic

Olfactory sensitivity of spider monkeys ( Ateles geoffroyi ) for six structurally related aromatic

Department of Physics, Chemistry and Biology Master Thesis Olfactory sensitivity of spider monkeys ( Ateles geoffroyi ) for six structurally related aromatic aldehydes Luna Kjeldmand LiTH-IFM- Ex--xxxx--SE Supervisor: Matthias Laska,

511 views • 22 slides
Studying biology, Chemistry, Maths and Physics T. urticae also known as the spider mite is a

Studying biology, Chemistry, Maths and Physics T. urticae also known as the spider mite is a

The Arthur Terry School A- Level Student Studying biology, Chemistry, Maths and Physics T. urticae also known as the spider mite is a common pest that feeds on crops. It feeds by sucking cell contents from the cells and

280 views • 14 slides
Making Tweet Monkey by codefoster Who am I? codefoster codefoster.com || @codefoster ||

Making Tweet Monkey by codefoster Who am I? codefoster codefoster.com || @codefoster ||

Making Tweet Monkey by codefoster Who am I? codefoster codefoster.com || @codefoster || github.com/codefoster || upverter.com/codefoster jeremy.foster@microsoft.com 206-250-7637 278-21-8879

295 views • 15 slides
Indian Spider Wasps (Hymenoptera: Vespoidea: Pompilidae): After A Century Samrat Bhattacharjee

Indian Spider Wasps (Hymenoptera: Vespoidea: Pompilidae): After A Century Samrat Bhattacharjee

Indian Spider Wasps (Hymenoptera: Vespoidea: Pompilidae): After A Century Samrat Bhattacharjee Department of Zoology, Scottish Church College, 1 &amp; 3 Urquhart Square, Kolkata- 700 006, West Bengal, India Email: samrat.scc@gmail.com &amp;

269 views • 6 slides
About Me &gt; Eduardo Silva Github &amp; Twitter: @edsiper Personal Blog :

About Me &gt; Eduardo Silva Github &amp; Twitter: @edsiper Personal Blog :

About Me &gt; Eduardo Silva Github &amp; Twitter: @edsiper Personal Blog : http://edsiper.linuxchile.cl &gt; Treasure Data, Inc. Open Source Engineer Fluentd / FluentBit &gt; Projects Monkey Server / monkey-project.com Duda

970 views • 53 slides
The Spider Center Wide File System Presented by: Galen M. Shipman Collaborators: David A.

The Spider Center Wide File System Presented by: Galen M. Shipman Collaborators: David A.

The Spider Center Wide File System Presented by: Galen M. Shipman Collaborators: David A. Dillow Sarp Oral Feiyi Wang May 4, 2009 Jaguar: Worlds most pow erful computer Designed for science from the ground up g g Peak performance

497 views • 34 slides
CURRENT STATUS OF THREATS TO THE HAMLYNS MONKEY AND ITS BAMBOO HABITAT IN NYUNGWE NATIONAL

CURRENT STATUS OF THREATS TO THE HAMLYNS MONKEY AND ITS BAMBOO HABITAT IN NYUNGWE NATIONAL

Research seminar at CoEB, Huye Date: 28 Feb 2018 ASSESSMENT OF CONSERVATION EFFORTS, INCENTIVES, AND THE CURRENT STATUS OF THREATS TO THE HAMLYNS MONKEY AND ITS BAMBOO HABITAT IN NYUNGWE NATIONAL PARK, RWANDA Project leader: Methode

217 views • 17 slides
Spider-Man meditation Small Group Discussion How did yesterday go for you? Did anything

Spider-Man meditation Small Group Discussion How did yesterday go for you? Did anything

Spider-Man meditation Small Group Discussion How did yesterday go for you? Did anything come up that youd like to try with your clients? What came up for you in this meditation practice? Large group discussion Understanding

1.95k views • 151 slides
The Search API in Drupal 8 Thomas Seidl (drunken monkey) Disclaimer Everything shown here is

The Search API in Drupal 8 Thomas Seidl (drunken monkey) Disclaimer Everything shown here is

The Search API in Drupal 8 Thomas Seidl (drunken monkey) Disclaimer Everything shown here is still a work in progress. Details might change until 8.0 release. B a s i c a r c h i t e c t u r e S e r v e r I n d e x V

679 views • 29 slides
Alternative indexing: market cap or monkey? Simian Asset Management Which index? For many

Alternative indexing: market cap or monkey? Simian Asset Management Which index? For many

Alternative indexing: market cap or monkey? Simian Asset Management Which index? For many years investors have benchmarked their equity fund managers using market capitalisation-weighted indices Other, passive investors have chosen to

888 views • 31 slides

More recommend