| Internet is the indispensable tool in life, but computers connected to a network are at risk of being attacked remotely. In recent years, there has been an increase of a particular type of attack: client-side attacks. These attacks target clients. As the client accesses a malicious server, the server delivers the malicious content to the client as part of the server's response to a client request. For example, as the web browser accesses content from a malicious web server, the server returns a malicious page that attacks the browser. If successful, the web server could install arbitrary programs on the client machine.Currently browser is vulnerable to be attacked, so malicious Web sites are posing a serious threat to client security, but there is no a freely available comprehensive database of malicious web sites and web threats, this is the motive of this work.Low and high interaction client honeypots are a computer security technology that can find these malicious servers on a network, Client honeypots are dedicated devices that interact with potential malicious servers, decide whether a server is malicious or benign. Due to the pros and cons of identifying server responses, both technologies can't do large-scale and accurate Internet analysis. To optimize detection speed as well as accuracy, we proposed a hybrid client honeypot model that utilized the strengths of both technologies, and it will also contain feedback loops that adjust the static detection algorithms. Base on this idea, this paper has designed a malicious website collection system and implemented most of functions. Preliminary experiment demonstrates that hybrid client honeypot and the system has better effect compared to individual methods. |
PDF Full Text Request