Using Honeyclients to Detect Malicious Websites

Using malicious sites to launch attacks against users' client applications has been a growing threat in recent years. This has led to the emergence of new technologies to counter and detect this type of client-side attack. One of these technologies is the honeyclient. Honeyclients crawl the Internet to find and identify web servers that exploit client-side vulnerabilities. In this paper, we address honeyclients by studying and analyzing low- and high-interaction honeyclients. We introduce comparison attributes to evaluate honeyclients and apply them to compare HoneyC and Capture as examples of each type. Moreover, we present some techniques that malicious websites can use to counter and fingerprint honeyclients, and we make recommendations to overcome these evasion techniques.