Design and Implementation of Linux Based Hybrid Client Honeypot Incorporating Multi Layer Detection

In current global internet cyber space, the number of targeted client side attacks are increasing that lead users to adversaries' web sites and exploit web browser vulnerabilities is increasing, therefore there is requirement of strong mechanisms to fight against these kinds of attacks. In this paper, we present the design and implementation of a client honeypot which incorporate the functionality of both low and high interaction honeyclient solution and incorporate the multi layer detection mechanisms to fight against client side targeted attacks. As low interaction client honeypot are fast in processing of websites but unable to detect zeroday attacks whereas high interaction client honeypots are able to detect zero day attacks but very high resource intensive. On the basis of the problems of existing client honeypots, we formulate the requirements of this hybrid honeyclient solution in terms of defending client side attacks. Our system is tested by visiting of various malicious websites and detection of malwares dropped on the system is detected. Also an approach is also been discussed to deploy the hybrid honeyclient solution for detection of malicious websites and collections of malwares embedded into malicious websites. We are ensuring that most of software tools used in our implementation are open source.