Skip to main content

Home HoneyMonkey


(also Strider HoneyMonkey Exploit Detection System)

HoneyMonkey definition

HoneyMonkey is a honeypot developed by Microsoft Research. It’s an automated system of virtual machines that mimic human behavior on the internet to better detect, analyze, and understand online threats and web-based exploits.

A HoneyMonkey virtual machine interacts with malicious websites (clicks on links, downloads files, fills out forms, etc.) and monitors the system for any changes that indicate an exploit or infection. HoneyMonkey logs any details about identified exploits and alerts the cybersecurity team about the new threat.

After each session, HoneyMonkey resets to a safe state by cleaning any infections it may have contracted during its research.

See also: honeypot, zero day

History of HoneyMonkey

Microsoft Research created the HoneyMonkey in 2005 as part of the Strider HoneyMonkey Exploit Detection System project.

HoneyMonkey virtual machines successfully identified several zero-day exploits, giving Microsoft and the broader cybersecurity community a head start on addressing them. The project also successfully mapped many malicious websites, which were subsequently taken down or blacklisted.

HoneyMonkey provided a wealth of data on how different systems, depending on their patch levels, were exploited. This helped Microsoft and other software companies prioritize their patch releases based on the vulnerabilities most often targeted by attackers.

The insights gleaned from HoneyMonkey have been significant for the cybersecurity industry, enabling more proactive detection of malicious exploits, more effective patch management, and generally advancing the threat detection and prevention field.