Micro-Honeypot: Using Browser Fingerprinting to Track Attackers

Web attacks have proliferated across the whole Internet in recent years. To protect websites, security vendors and researchers collect attack information using web honeypots. However, web attackers can hide themselves by using stepping stones (e.g., VPN, encrypted proxy) or anonymous networks (e.g., Tor network). Conventional web honeypots lack an effective way to gather information about an attacker's identity, which raises a big obstacle for cybercrime traceability and forensics. Traditional forensics methods are based on traffic analysis; it requires that defenders gain access to the entire network. It is not suitable for honeypots. In this paper, we present the design, implementation, and deployment of the Micro-Honeypot, which aims to use the browser fingerprinting technique to track a web attacker. Traditional honeypot lure attackers and records attacker's activity. Micro-Honeypot is deployed in a honeypot. It will run and gather identity information when an attacker visits the honeypot. Our preliminary results show that Micro-Honeypot could collect more information and track attackers although they might have used proxies or anonymous networks to hide themselves.

[1]  Md. Habibur Rahaman A Survey on Real-Time Communication for Web , 2015 .

[2]  Steven M. Bellovin,et al.  ICMP Traceback Messages , 2003 .

[3]  Alaa Eleyan,et al.  Character recognition using correlation & hamming distance , 2015, 2015 23nd Signal Processing and Communications Applications Conference (SIU).

[4]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[5]  Martin Thomson,et al.  Browser-to-Browser Security Assurances for WebRTC , 2014, IEEE Internet Computing.

[6]  Takeshi Yagi,et al.  Enhanced attack collection scheme on high-interaction web honeypots , 2010, The IEEE symposium on Computers and Communications.

[7]  Yin Zhang,et al.  Detecting Stepping Stones , 2000, USENIX Security Symposium.

[8]  Martín Abadi,et al.  Host Fingerprinting and Tracking on the Web: Privacy and Security Implications , 2012, NDSS.

[9]  Peter Eckersley,et al.  How Unique Is Your Web Browser? , 2010, Privacy Enhancing Technologies.

[10]  Frank Piessens,et al.  FPDetective: dusting the web for fingerprinters , 2013, CCS.

[11]  Takeshi Yagi,et al.  Investigation and analysis of malware on websites , 2010, 2010 12th IEEE International Symposium on Web Systems Evolution (WSE).

[12]  Qixu Liu,et al.  Fingerprinting Web Browser for Tracing Anonymous Web Attackers , 2016, 2016 IEEE First International Conference on Data Science in Cyberspace (DSC).

[13]  Shantanu Rane,et al.  Privacy preserving string comparisons based on Levenshtein distance , 2010, 2010 IEEE International Workshop on Information Forensics and Security.

[14]  Song Li,et al.  (Cross-)Browser Fingerprinting via OS and Hardware Level Features , 2017, NDSS.

[15]  Nirwan Ansari,et al.  IP traceback with deterministic packet marking , 2003, IEEE Communications Letters.

[16]  Baskoro Adi Pratomo,et al.  Aggressive web application honeypot for exposing attacker's identity , 2014, 2014 The 1st International Conference on Information Technology, Computer, and Electrical Engineering.

[17]  Hiroaki Etoh,et al.  Finding a Connection Chain for Tracing Intruders , 2000, ESORICS.

[18]  Jeanna Neefe Matthews,et al.  A Generic Toolkit for Converting Web Applications Into High-Interaction Honeypots , 2007 .

[19]  Hovav Shacham,et al.  Fingerprinting Information in JavaScript Implementations , 2011 .

[20]  Sándor Imre,et al.  User Tracking on the Web via Cross-Browser Fingerprinting , 2011, NordSec.

[21]  Davide Balzarotti,et al.  Behind the Scenes of Online Attacks: an Analysis of Exploitation Behaviors on the Web , 2013, NDSS.

[22]  Walter Rudametkin,et al.  Beauty and the Beast: Diverting Modern Web Browsers to Build Unique Browser Fingerprints , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[23]  Hovav Shacham,et al.  Pixel Perfect : Fingerprinting Canvas in HTML 5 , 2012 .

[24]  Wouter Joosen,et al.  Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting , 2013, 2013 IEEE Symposium on Security and Privacy.

[25]  Arvind Narayanan,et al.  Online Tracking: A 1-million-site Measurement and Analysis , 2016, CCS.

[26]  Moses Charikar,et al.  Similarity estimation techniques from rounding algorithms , 2002, STOC '02.