Client-side threats and a honeyclient-based defense mechanism, Honeyscout
Linköping University, Department of Electrical Engineering
Independent thesis Advanced level (professional degree), 20 credits / 30 HE credits
LiTH-ISY-EX--09/4262--SE
Client security, network security, malware, virus, honeypot, honeyclient, capture-hpc, monkey-spider, honeyscout
Client-side computers connected to the Internet today are exposed to a lot of malicious activity. Browsing the web can easily result in malware infection even if the user only visits well-known and trusted sites. Attackers use website vulnerabilities and ad networks to expose their malicious code to a large user base. The continuing trend among attackers seems to be the construction of botnets that collect large amounts of data, which could be a serious threat to company secrets and personal integrity. Meanwhile, security researchers are using a technology known as honeypots/honeyclients to find and analyze new malware. This thesis takes the concept of honeyclients and combines it with a proxy and database software to construct a new kind of real-time defense mechanism usable in live environments. The concept is given the name Honeyscout. It analyzes content before it reaches the user, using visited sites as a starting point for further crawling and blacklisting any malicious content found. A proof-of-concept honeyscout has been developed using the honeyclient Monkey-Spider by Ali Ikinci as a base. Results from the evaluation show that the concept has potential as an effective and user-friendly defense technology. There is, however, a large need to further optimize and speed up the crawling process.
2009-06-13, 10:00 (English)
Fåk, Viiveke, Associate Professor (Linköping University, Department of Electrical Engineering)