| With the quick development of Internet, network attack and stealing of sensitive information happens everyday. Hackers make use of different soft and hardware vulnerabilities to gain control of servers, as well as penetration. In the knowledge of attacking skills, security researchers continuously do research in developing counter-method to the invasion activities. With the wide use of Firewall and Intrusion Detection Systems, traditional attack path of server-side attack faces the reduction on succeed ratio. As a result, attackers turn to a easier, and more convenient way of client-side attack.Traditional honeypot systems focus on detection of server-side attack, so that they are less usable in detection of client-side attack. In order to research and detect client-side attack, security researchers announce client honeypot.Client honeypots crawl the network, interact with servers, and classify servers with respect to their malicious nature. It simulates, or drives client-side software and does not expose server based services to be attacked. It cannot lure attacks to itself, but rather it must actively interact with remote servers to be attacked. Whereas all accesses to the traditional honeypot are malicious, the client-side honeypot must discern which server is malicious and which is benign.This paper researches on client honeypots, introduced its principle, and has extended the application of client honeypot to be able to detect a wider range of client-side attack. |
PDF Full Text Request