Research On Mimicry Honeypot System Based Upon Genetic Algorithm

With initiatively knowing hacker organization's attack strategies,tools and purpose,honeypot technology has a very high value to prevent hackers' invasion and makes up the traditional passive defenses such as intrusion detection system and firewalls.However,faced with increasingly diverse attack,it's still crucial to do research on improving honeypot system's attractiveness and adaptivityIn this paper,firstly,we summarize the current research about honeypot technology and anti-honeypot technology from the perspective of defender and attacker.While the anti-honeypot technology widely used,fake honeypot has been applied by defenders which can confront their invasion. Nevertheless the single honeypot technology,we can obviously discover it's difficult to lure intruders deeply.Referenced the nature mimicry phenomenon,our research team has propose the concept of Mimicry Honeypot,which combines honeypot and fake honeypot technology.Mimicry honeypot system is effective to confusing attacks constantly through the protective coloration and warning coloration mechanism,while protective coloration simulates the service environment and warning coloration simulates the features of honeypot.And this paper focused on the evolution of mimicry honeypot protective coloration and warning coloration.Secondly,in spired by nature evolution theory of “survival of the fittest ”,we discover Genetic Algorithm has been widely used on the optimization of service combination method and intrusion detection rules.After expounding the process and benefits of GA,we focus on the GA optimization method of honeypot service.Through deeply studying of mimicry mechanism, we propose mimicry honeypot services evolutionary algorithm based on adaptive Genetic Algorithm(GA-MHEA),by means of genetic algorithm's randomly search strategy and excellent individual inheritability.In response to the service features and content,weformalizes the key service features after extracted so as to code binary, and inducts the fitness function depending on the honeypot and fake-honeypot service Qos,which is especially defined for honeypot and fake-honeypot service.During adjusting genetic operators to decrease the answer space,this algorithm can get optimal service features efficiently and implement the mimicry honeypot self-adapting to changing network environment and attacker's recognition.Thirdly, after the description of GA-MHEA,we analyze the severe consequences in case of mimicry honeypot warning coloration being failure and propose server absconds mechanism, which make honeypot server migrate and honeypot candidate,once serve exposed to attackers.Mimicry honey system's anti-attack capability may increase through server escape mechanism.Finally,we verify the effectiveness of mimicry honeypot GA evolution through syn-flood attack after honeypot recognition experiment with system simulation on NS2, as well as prototype on QT platform.The promising result of applying honeypot evolution to mitigate the effects of intelligent attack are shown with analysis,and demonstrate the feasibility and effectiveness of GA-MHEA.