A 'honeypot' is designed to detect server-side
attacks. In contrast, a 'honeyclient' is designed
to detect client-side attacks. Specifically, a
honeyclient is a dedicated host that drives
specially instrumented applications to access
remote servers to see if those servers are
behaving in a malicious manner (by compromising
the client). Honeyclients can proactively detect
exploits against client applications without known
signatures. This framework uses a client-server
model with SOAP messaging as the primary
communication method, and uses the free version of
VMware Server as a means of virtualizing the
client environment.
