秋山満昭 | 1261002: D, 中間発表 | 山口英, 藤川和利, 門林雄基 |
title: Infiltrative approach to intrusion detection: design and implementation of client honeypot for gathering malware infection activity
abstract: A honeypot which is a decoy system expecting cyber attacks, in particular malware infection, has the potential to overcome problems of conventional intrusion detection systems. According to the attack model and adversary's techniques, we enumerate requirements for design and implementation of client honeypot for detecting drive-by download malware infection. Our developed client honeypot equips proposed methods satisfying enumerated requirements: precise detection, information collection, inspection performance, safeguarding, camouflaging, and seed URL selection. We also introduce highlight data of adversary's properties newly discovered by our developed client honeypot in the real web space. language of the presentation: Japanese | ||