| Honeypot is a well known technique for discovering the tools, tactics, and motives of attackers. It is a completely new network security technology that is emerging in recent years based on the ideas of cheating in the war. It is intended to be probed, attacked, and compromised. Directly or indirectly, it helps protect your production systems and networks against attackers. The honeypot technology has played the very major role in analysising Phishing attacks and tracking BotNets. Since attackers have a tendency to take the path of least resistance and many traditional attack paths are barred by a basic set of unceasingly maturely security measures, such as firewalls or anti-virus engines, the (?)tlack hats(?) re turning to client-side attacks. Through these easily unprotected attack paths, they place their malware onto the end user(?)machine and collecting sensitive data by the malware. A new type of client honeypot has been proposed. It can detect the client-side attacks. Client honeypots crawl the network, interact with servers, and classify servers with respect to their malicious nature.This paper studies the low interaction client honeypot which is based on the malicious web detection by employing client honeypot. By analysing the systematic design theories and implementation mechanism of the low interaction client honeypot, we summerise the honeypot's detailed structures of each module and the operation process. Additionally, in order to detect the codes of hidden mallicious web, it makes improvement during the implementation of the system in accodance with the technologies the malicious web involve.To eliminate the speed flaws of the honeypot's detecting mallicious web, the paper recommends the thread pool technique to accerlerate the speed. Experiments have proved that the usage of the thread pool technique has significantly accerlerate the system's detection speed. This paper also comes out with the theoretical algorithms by using the least frequently use page replacement algorithms in the operating system to slove a problem which obtains from the experiments. This problem is that improving the accuracy of detection by increasing the signature-based matching rules will lead to the slow down of the detection speed. |
PDF Full Text Request