Rogier Spoor (SURFNET)

The Honeyclient project Fighting client-side threats

The Honeyclient project is a joint venture between SURFnet, NASK/CERT Polska and GOVCERT.NL. The goal of the project is to jointly develop a complete honeyclient solution, to be used by SURFnet.nl, NASK/CERT Polska and GOVCERT.NL and their respective constituencies or customers.

For years, attacks were mainly focused on exploiting vulnerabilities in server systems and server applications. In recent years a new trend shows that the number of attacks against client systems and client applications is increasing. Especially the number of browser exploits has grown rapidly. A better understanding of these client-side threats is needed, in order to protect the end-user.

One of the effective approaches to analyze attacks is the use of honeypots. A traditional honeypot is a non-production, passive system which focuses on attacks against server applications. Recently, research has also focused on the use of honeyclient systems. A honeyclient poses as a client system and explores malicious websites with the intent to analyze the exploitation techniques and additionally to capture the malware which is offered via the website.

This project aims at using state-of-the-art honeyclient technology in combination with an advanced web crawler.  

---

Last Version - $Revision: 1.1 $ / $Date: 2007/11/13 15:32:56 $
Maintained by Jaap-Henk Hoepman
Email: