| With rapid development of Internet and network application services, the security incidents continues to grow, such as network destruction and illegal invasion, and it is likely to be worse and worse. The traditional defense has been used for several years, which is based on intrusion detection and firewall, but many problems have been exposed by their own technical limitations in Passive defense. The traditional security is "insufficient" when it confronts the ever-changing technology of hackers. Honeypot is a new concept of security, which is presented by foreign experts. As compared with traditional defense, it has many characteristics, such as detecting precise, transferring the threat, and tolerating the limited invasion. Now, honeypot has become a hotspot of network security in recent years.After analyzing the development status and the problems in current application of traditional defense, honeypot technology will be applied to security defense of network in this paper. A distributed intrusion defend model based on the honeypot (Dis-IDHoneypot) was proposed, and researched how to deploy honeypot.In order to achieve the defense of traditional and new ways to complementary advantages, and reply the changing threat of invasion, Dis-IDHoneypot model integrates intrusion detection and honeypot technology in this paper, combining the characteristics of honeypot, the monitor algorithm of competence status and intrusion detected algorithm based on threat matching were designed in the model.After testing the Dis-IDHoneypot model and related algorithm in the network environment, it is proved that honeypot has the good performance in the detection of unknown threats and reduce the probability of the host be attacked, which in the Internal network. It can help IDS to improve ability of detection, enhance the ability of defense.The Dis-IDHoneypot model provides a new dynamic security defense mechanism to network security, it is valuable in theory and practice. |
PDF Full Text Request