AAU Student Projects - visit Aalborg University's student projects portal
A master's thesis from Aalborg University
Book cover


Bad Service: Towards detection of malicious web servers using a client-side honeypot

Authors

;

Term

4. semester

Education

Cyber Security, Master

Publication year

2024

Submitted on

Abstract

Malicious web servers are a growing cyber security risk. This thesis introduces MaiBee, a browser extension that acts as a client-side honeypot—a security tool that observes suspicious activity directly in the browser—to detect and analyze suspicious advertisements. The goal is to improve detection of malicious behavior by combining filtering techniques with a multi-criteria suspicion score. MaiBee examines potentially harmful web elements using several signals: ad detection and filtering, DNS and reverse DNS lookups, analysis of IP address characteristics, and reputation reports from external sources such as AbuseIPDB and VirusTotal. In an experiment across 10,000 websites, MaiBee showed it can flag suspicious ads and demonstrated its detection capabilities. The findings offer practical insight into how malicious advertisements behave and help deepen understanding of current cyber threats.

Ondsindede webservere udgør en voksende cybersikkerhedsrisiko. Dette speciale præsenterer MaiBee, en browserudvidelse, der fungerer som en klientside honeypot – et sikkerhedsværktøj, der observerer mistænkelig aktivitet direkte i browseren – til at opdage og analysere mistænkelige annoncer. Formålet er at forbedre opdagelsen af skadelig adfærd ved at kombinere filtreringsteknikker med en mistankescore baseret på flere kriterier. MaiBee vurderer potentielt skadelige webelementer ved hjælp af flere signaler: annoncering og filtrering, DNS- og reverse DNS-opslag, analyse af IP-adressers karakteristika og omdømmerapporter fra eksterne kilder som AbuseIPDB og VirusTotal. I et forsøg på 10.000 websteder viste MaiBee, at den kan udpege mistænkelige annoncer og demonstrerede sine detektionsmuligheder. Resultaterne giver praktisk indsigt i, hvordan skadelige annoncer opfører sig, og bidrager til en bedre forståelse af aktuelle cybertrusler.

[This apstract has been rewritten with the help of AI based on the project's original abstract]

Documents

Download PDF
View record in AAU Student Projects