Server-side code injection attacks: A historical perspective

Fritz, Jakob; Leita, Corrado; Polychronakis, Michalis
RAID 2013, 16th International Symposium on Research in Attacks, Intrusions, and Defenses, 23-25 October 2013, Saint Lucia, USA / Also published in LNCS, Volume 8145/2013

Server-side code injection attacks used to be one of the main culprits for the spread of malware. A vast amount of research has been devoted to the problem of effectively detecting and analyzing these attacks. Common belief seems to be that these attacks are now a marginal threat compared to other attack vectors such as drive-by download and targeted emails. However, information on the complexity and the evolution of the threat landscape in recent years is mostly conjectural. This paper builds upon five years of data collected by a honeypot deployment that provides a unique, long-term perspective obtained by traffic monitoring at the premises of different organizations and networks. Our contributions are twofold: first, we look at the characteristics of the threat landscape and at the major changes that have happened in the last five years; second, we observe the impact of these characteristics on the insights provided by various approaches proposed in previous research. The analysis underlines important findings that are instrumental in driving best practices and future research directions.


Type: Conference
City: Saint Lucia
Date: 2013-10-23
Department: Digital security
Eurecom Ref: 4184
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published in RAID 2013, 16th International Symposium on Research in Attacks, Intrusions, and Defenses, 23-25 October 2013, Saint Lucia, USA / Also published in LNCS, Volume 8145/2013 and is available at: http://dx.doi.org/10.1007/978-3-642-41284-4_3
PERMALINK: https://www.eurecom.fr/publication/4184