Design and Implementation of Linux Based Virtual Honeyclient

Abstract

A honeypot is used in the area of computer and Internet security. It is a resource which is intended to be attacked and compromised to gain more information about the attacker and his attack techniques. It can also be used to attract and divert an attacker from the real targets. Compared to an intrusion detection system, honeypots have the big advantage that they do not generate false alerts as all traffic is suspicious, because no productive components are running on the system. This fact enables the system to log every byte and to correlate this data with other sources to draw a picture of an attack and the attacker. Linux has been chosen as the Operating system of choice for a number of apparent advantages that it has over other Operating systems. The most important ones being that the original work on Honeynets / Honeypots has been done using Linux, so it is best supported out of all the contemporaries. Another reason for using Linux is that it is Open source and provides source code to work with freely In this thesis the intention is to understand the intricacies of the workings of the honeypot / honeynet technology and also the reasoning, thought process and goals behind it. Then a “Virtual Client Honeypot” would be implemented to collect internet malwares.