Automating Malware Scanning Using Workflows

Identifying websites that host malicious code is a priority, both for helping protect consumers who use the web and for collecting malicious code for analysis by malware researchers. We have been running an InternetNZ-sponsored study in which the homepages of almost all New Zealand Web servers are scanned on a regular basis by a set of client honeypots. This paper reflects upon our experience of manually running moderate-scale scans over a period of several months and identifies some requirements for automating such a system using workflow and related middleware.
