client honeypot

There are several terms that are used to describe client honeypots.

Capture differs from existing client honeypots in various ways.

High interaction client honeypots are very effective at detecting unknown attacks on clients.

This client honeypot is not available for download.

A client honeypot is composed of three components.

Client Honeypots are active security devices in search of malicious servers that attack clients.

The changes are analyzed to determine if the visited site installed any malware onto the client honeypot computer.

As such, no functional limitations (besides the containment strategy) exist on high interaction client honeypots.

High interaction client honeypots are fully functional systems comparable to real systems with real clients.

The client honeypot poses as a client and interacts with the server to examine whether an attack has occurred.

Attacks on high interaction client honeypots are detected via inspection of the state of the system after a server has been interacted with.

SpyBye is a low interaction client honeypot developed by Niels Provos.

Thug is a low-interaction client honeypot developed by Angelo Dell'Aera.

Besides client honeypot, which is the generic classification, honeyclient is the other term that is generally used and accepted.

Monkey-Spider is a crawler based client honeypot initially utilizing anti-virus solutions to detect malware.

The detection of changes to the client honeypot may indicate the occurrence of an attack against that has exploited a vulnerability of the client.

Capture is a high interaction client honeypot developed by researchers at Victoria University of Wellington, NZ.

HoneyMonkey is a web browser based (IE) high interaction client honeypot implemented by Microsoft in 2005.

Monkey-Spider is a low-interaction client honeypot initially developed at the University of Mannheim by Ali Ikinci.

In addition to these components, client honeypots are usually equipped with some sort of containment strategy to prevent successful attacks from spreading beyond the client honeypot.

Hybrid client honeypots combine both low and high interaction client honeypots to gain from the advantages of both approaches.

After the interaction with the server has taken place, the third component, an analysis engine, is responsible for determining whether an attack has taken place on the client honeypot.

Shelia is a high interaction client honeypot developed by Joan Robert Rocaspana at Vrije Universiteit Amsterdam.

The Spycrawler developed at the University of Washington is yet another browser based (Mozilla) high interaction client honeypot developed by Moshchuk et al. in 2005.

Low interaction client honeypots are easier to deploy and operate than high interaction client honeypots and also perform better.