dc.contributor.author: Puttaroo, Mohammad
dc.contributor.author: Komisarczuk, Peter
dc.contributor.author: Cordeiro De Amorim, Renato
dc.identifier.citation: Puttaroo, M, Komisarczuk, P & Cordeiro De Amorim, R 2014, Challenges in developing Capture-HPC exclusion lists. in Procs of the 7th Int Conf on Security of Information and Networks. ACM Press, pp. 334-338, 7th International Conference on Security of Information and Networks, Glasgow, United Kingdom, 9/09/14.
dc.identifier.other: PURE: 9822869
dc.identifier.other: PURE UUID: da2f4262-32d8-4104-a619-ef67844e8909
dc.identifier.other: Scopus: 84938683597
dc.description.abstract [en]: In this paper we discuss the challenges faced whilst developing exclusion lists for the high-interaction client honeypot, Capture-HPC. Exclusion lists are Capture client system behaviours which are used in the decision making process when determining if a particular behaviour is malicious or benign. As exclusion lists are the main decision making method used by Capture-HPC to classify a given webpage as benign or malicious, we identify a number of issues with current research which are often overlooked. Exclusion lists by nature require constant updating as they are developed to meet the specific requirements of a particular operating system, web browser and application system environment. Any changes to these would mean the possibility of a given client to display different benign behaviour which consequently means new exclusions are required. As a result of their specific version requirements, exclusion lists are not transferable from clients. We propose a set of recommendations to aid in the creation of exclusion lists. We also present and discuss some common drive-by-download attacks which we have captured using our Windows 7 compatible exclusion lists.
dc.publisher: ACM Press
dc.relation.ispartof: Procs of the 7th Int Conf on Security of Information and Networks
dc.title [en]: Challenges in developing Capture-HPC exclusion lists
dc.contributor.institution: School of Computer Science
dc.contributor.institution: Science & Technology Research Institute

Files in this item


There are no files associated with this item.
