Applying AI to improve the performance of client honeypots

Abstract

Victoria University has developed a capability around the detection of drive by download attacks using client honeypot technology [1-3]. Two types of client honeypot, low-interaction and high-interaction honeypots, have been developed to inspect malicious web pages. A new client honeypot model, called a hybrid system, has also been proposed to improve the performance of client honeypots [2]. These client honeypots have made significant contributions to Internet security through detection of malicious servers. However, their performance has shown there are areas where artificial intelligence (AI) technology can add value to create more adaptable client honeypots. In this workshop, we briefly present client honeypots which have been developed by Victoria University and how we can apply AI to improve their performances