Honeyspider Network is a highly scalable system integrating multiple client honeypots to detect malicious websites.
The project is a joint venture between NASK/CERT Polska (Poland) and the National Cyber Security Centre (Netherlands). Our goal is to develop a complete system based on existing state-of-the-art tools and client honeypot solutions, including a novel crawler application specially tailored for the bulk processing of URLs.
The major incentive to start this project is the rapidly growing number of browser exploits involving varying degrees of user interaction. These types of attacks lie outside the scope of most current monitoring systems in use. Therefore, we view this new system as an expansion of our monitoring and early warning abilities. Ultimately, the system will improve situational awareness of what is happening on the Internet and improve security services offered by the parties to their constituents.
The system focuses primarily on attacks against, or involving the use of, web browsers. These include the detection of drive-by downloads and malicious binaries. Initially, the main area of exploration is drive-by downloads. Apart from identifying browser exploits (including 0-day attacks), the system is expected to automatically obtain and analyze the attacking malware.
On this site you will be able to find all relevant information about Honeyspider Network: its architecture, installation procedure, and a user manual describing how to use it efficiently. The system consists of multiple modules for analysis and classification of live websites. The component-based architecture makes the system extensible; in particular, adding new detection modules is relatively easy.
The public release of Honeyspider Network was announced at the NCSC Conference 2013. Slides (PDF) from the presentation can be downloaded here.
The source code of Honeyspider Network 2 is released under the General Public License version 3.