Research Of Linkage Security Defense System Based On Honeypot

With the rapid development of the Internet, Our network faces many new threats and unknown attacks. Complex network environment lead to increasing demand for security. And it is no longer single security needs, because of the limited role of individual safety equipment can not be sustained for senior attack to make a timely response. So linkage comprehensive security system is very important. Now the biggest threat is unknown type of zero-day attacks. They are often able to break through the traditional security system, and then threat to the internal network information security. How to deal with it is the problem to be solved. Manual analysis and manual patching are inefficient. This thesis researches linkage security defense system based on honeypot. The main content of this thesis is as follows:(1) The thesis proposes a new linkage security defense system based on honeypotThe linkage security system are detail researched. And the overall linkage protection system has been designed. The thesis proposes a new linkage security defense system based on honeypot. It makes the network flow first to the honeypot through redirects data packets. Then it determines whether it is malicious attack data. So the unknown types of attacks flow can be instant blocked by the linkage security system. Construction of integrated network security system can provide a more complete security solution to ensure the security of network information is reliable.(2) The thesis proposes a method for interactive spoof on the network layerThe method for interactive spoof on the network layer is possible for making a virtual network more convenient and more detailed configuration of the system. By establishing a template, it is able to quickly create a honeypot. With fingerprint database of the scanning analysis software, modify the format of the response data packet to deceive fingerprinting tools. Use simulation common and easy attacking services to improve the probability of capturing the attack. The use of simulation methods of routing information, increasing the fidelity of the network. This method has useful advantage in the linkage security system. It solves the traditional limitations of the method.(3) The thesis proposes a method of attack capture based on taint analysisAttack capture method based on dynamic taint analysis, make the honeypot mark data from network. After the occurrence of attacks that can react to unknown attacks. The state of the system at that time would be recorded and a memory snapshot would be produced. With iterative LCS algorithm that can automatically generate signature of the attack code. Taking it directly into the rule of intrusion detection system, which can block the attack effectively. So the response time of linkage protection system will be reduced. And the security of the whole network can be effectively improved.