| dc.contributor.author | Puttaroo, Mohammad | |
| dc.contributor.author | Komisarczuk, Peter | |
| dc.contributor.author | Cordeiro De Amorim, Renato | |
| dc.date.accessioned | 2016-04-07T11:41:31Z | |
| dc.date.available | 2016-04-07T11:41:31Z | |
| dc.date.issued | 2014-09-09 | |
| dc.identifier.citation | Puttaroo , M , Komisarczuk , P & Cordeiro De Amorim , R 2014 , Challenges in developing Capture-HPC exclusion lists . in Procs of the 7th Int Conf on Security of Information and Networks . ACM Press , pp. 334-338 , 7th International Conference on Security of Information and Networks , Glasgow , United Kingdom , 9/09/14 . https://doi.org/10.1145/2659651.2659717 | |
| dc.identifier.citation | conference | |
| dc.identifier.isbn | 978-1-4503-3033-6 | |
| dc.identifier.other | PURE: 9822869 | |
| dc.identifier.other | PURE UUID: da2f4262-32d8-4104-a619-ef67844e8909 | |
| dc.identifier.other | Scopus: 84938683597 | |
| dc.identifier.uri | http://hdl.handle.net/2299/17083 | |
| dc.description.abstract | In this paper we discuss the challenges faced whilst developing exclusion lists for the high-interaction client honeypot, Capture-HPC. Exclusion lists are Capture client system behaviours which are used in the decision making process when determining if a particular behaviour is malicious or benign. As exclusion lists are the main decision making method used by Capture-HPC to classify a given webpage as benign or malicious, we identify a number of issues with current research which are often overlooked. Exclusion lists by nature require constant updating as they are developed to meet the specific requirements of a particular operating system, web browser and application system environment. Any changes to these would mean the possibility of a given client to display different benign behaviour which consequently means new exclusions required. As a result of their specific version requirements, exclusion lists are not transferable from clients. We propose a set of recommendations to aid in the creation of exclusion lists. We also present and discuss some common drive-by-download attacks which we have captured using our Windows 7 compatible exclusion lists. | en |
| dc.language.iso | eng | |
| dc.publisher | ACM Press | |
| dc.relation.ispartof | Procs of the 7th Int Conf on Security of Information and Networks | |
| dc.title | Challenges in developing Capture-HPC exclusion lists | en |
| dc.contributor.institution | School of Computer Science | |
| dc.contributor.institution | Science & Technology Research Institute | |
| rioxxterms.versionofrecord | https://doi.org/10.1145/2659651.2659717 | |
| rioxxterms.type | Other | |
| herts.preservation.rarelyaccessed | true | |
