
The Creation Of Attack Signatures Based On The Virtual Honeypots

Posted on: 2009-02-25
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Tang
GTID: 2178360272491974
Subject: Computer technology
Abstract/Summary:
With the development of the Internet and the advent of social networks, network security issues are receiving more and more attention. At present, network security technology includes encryption and authentication, firewalls, intrusion detection, and access control. These safety precautions are mainly based on known facts and attack patterns, and they are passive defense measures.

This thesis analyses intrusion detection based on pattern matching, a passive defense technology. An intrusion detection system needs its rules updated in time; otherwise it will miss the latest attacks. To address the shortcoming that an intrusion detection system cannot be updated in a timely manner, the active defense technology of the honeypot is used to update attack signatures automatically, in order to reduce the risk of omissions by the intrusion detection system.

The honeypot is a newly developing field of network security. By constructing a system with security loopholes, it lures intruders into attacking it and records in detail the means they use in the course of the intrusion, the motive of the intrusion, and the tools they use. With the information gathered from the intrusion, we can learn the latest techniques used by intruders and find the security flaws in the system. The virtual honeypot can effectively prevent the host from being attacked.

This thesis presents a system that automatically generates attack signatures based on a virtual honeypot. Using the open-source virtual honeypot software Honeyd and its plug-in support, the Signature Generation System (SGS) automatically produces attack signatures for Snort. Moreover, it extracts intrusion rules from the Honeyd data and compares them with the Snort rule base. If no similar intrusion rule exists, SGS automatically creates a new rule. Otherwise, SGS updates the rules. In this way, the automatically updated Snort rule base reduces the risk of omissions by Snort.
Keywords/Search Tags: Intrusion detection, Honeypot, Attack signature, Honeyd, Snort
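
The create-or-update step described in the abstract, as an added example that is not code from the thesis. It assumes "similar" means an existing rule for the same protocol and port shares at least MIN_MATCH bytes (longest common substring) with the captured payload; the Rule class, ingest(), MIN_MATCH and the sample payloads are hypothetical, and reading Honeyd logs or a real Snort rule file is left out.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher
MIN_MATCH = 12  # assumed threshold: shared bytes needed to call a rule "similar"

@dataclass
class Rule:
    proto: str
    port: int
    content: bytes
    sid: int
    rev: int = 1

    def render(self) -> str:
        hexed = " ".join(f"{b:02x}" for b in self.content)  # all-hex avoids escaping
        return (f'alert {self.proto} any any -> any {self.port} (msg:"SGS honeypot payload"; '
                f'content:"|{hexed}|"; sid:{self.sid}; rev:{self.rev};)')

def common(a: bytes, b: bytes) -> bytes:
    """Longest common substring of two byte strings."""
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]

def ingest(rules: list, proto: str, port: int, payload: bytes) -> str:
    """Create a rule for unseen traffic, or update the similar existing rule."""
    for r in (r for r in rules if (r.proto, r.port) == (proto, port)):
        shared = common(r.content, payload)
        if len(shared) >= MIN_MATCH:
            if shared != r.content:  # narrow the rule to what both payloads share
                r.content, r.rev = shared, r.rev + 1
                return "updated"
            return "unchanged"
    next_sid = max((r.sid for r in rules), default=1_000_000) + 1  # local-rule sid range
    rules.append(Rule(proto, port, payload, next_sid))
    return "created"

# Constructed sample of payloads a honeypot might log; not data from the thesis.
CAPTURES = [
    ("tcp", 80, b"GET /a.cgi?x=SCANNER-PROBE-0001 HTTP/1.0"),
    ("tcp", 80, b"GET /b.cgi?y=SCANNER-PROBE-0001 HTTP/1.1"),
    ("tcp", 21, b"USER anonymous"),
]

def run():
    rules = []
    return rules, [ingest(rules, *c) for c in CAPTURES]

if __name__ == "__main__":
    print("\n".join(r.render() for r in run()[0]))
```

The threshold matters: set too low, unrelated requests that share only a protocol trailer such as " HTTP/1." would be merged into one over-general rule.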