| With the development and common use of the Internet, the Internet security has touched our daily life. Usually a hacker using different server hardware and software vulnerabilities to get access to the server and control over sensitive information. However, with a variety of network security products and technologies had been widely applied, it is more difficult of making a common server-side attacks. Thus led to the invention of client-side attacks, which is a new and more concise way. After the rapid development of client-side software in recent years, the client-side attacks, which target on client-side software vulnerabilities, has become a major hacker attack method.In the course of confrontation with the traditional attacks, security researchers had proposed the groundbreaking honeypot theory and developed many honeypot system for researching and testing of traditional network attacks, which had made tremendous contributions. However, the newly developed client-side attacks made the honeypot system which specificly desinged for the traditional attacks inoperative. Therefore, security researchers proposed a new honeypot system called client-side honeypot system for client-side attacks.Client-side honeypot system was designed for detecting client-side attacks. And the main targets are malicious web pages and servers. It interacts with the web server actively and detect whether the data returned by the server contains attacks towards the user's browser and the plug-ins. At present, the client-side honeypot system for detecting malicious web pages and servers is relatively mature. However, the client software not only includes the browser, but also a lot of local software, such as office document processor, compression software, media player, P2P sharing programs and so on. The Client-side honeypot system is still in need of progress in the detection of attacks towards these softwares.In this paper, we firstly surveyed the clent-side attacks.And then presented and analysed the open source client honeypot system Honeyclient at a detailed source code level. We studied the architecture and modules of the system, and proposed a method which could strenthen the HoneyClient system security. A URL scanning function based on Wget was developed for increasing the efficiency of HoneyClient web scanning afterwards. For the evaluation of the system, a scanning test was launched in HoneyClient. Finally, the attack towards the client was detected, and the vulnerability was analysed. In the research, we found that the client-side honeypots were mostly designed for web attacks, and most of them were based on the web explorers. So specifically, we developed a WinExcel plug-in for the Honey-Client system. Now HoneyClient system can also support the attacks towards Excel. |
PDF Full Text Request