| Honeypot technology is a new initiative technology based on the defense network security, it is a kind of security resources, its value lies in being scanned, attacked and compromised. Honeypot system can lure intruder's attack by using a seemly vulnerability, so we could study their attack motive, method and tools, and then can improve our network security. Honeypot is regarded as research tool from the day it was proposed, but it only has successful applications for commercial purpose. So how to build a honeypot system, which is not only can play research intruders role but also can play the safe protection role, has the practical significance.The thesis focuses on the honeypot system's role. Firstly, the thesis outlines the traditional security technology and anomaly detection technology, and point out the importance of network security; Secondly, the thesis introduces the concept, classification, characteristic of honeypot, and focuses on the key technologies of honeynet and structure, working mode of honeyd; Thirdly, according to the problem that honeypot can not play the security role, the thesis presents a Real-time Alarm Honeypot System Architecture(RASA). In the thesis, anomaly detection, which makes the honeypot system not only has the research value, but also can protect other computers, and system management modules, which makes the honeypot system management more convenient and flexible, is involved in the RASA; Fourthly, system management module, anomaly detection module, remote log module and secure communication module are designed and implemented. Data control and capture are implemented based on firewall and IDS technology.Finally, the thesis summarizes this honeypot system's characteristics and puts forward some suggestions on how to improve the existing honeypot system. |
PDF Full Text Request