Intrusion Detection Method Based On Honeypot Technology

Posted on: 2015-05-12
Degree: Master
Type: Thesis
Country: China
Candidate: L L Zou
GTID: 2348330542475393
Subject: Engineering
Abstract/Summary:
The rapid spread of the Internet and Web technologies lets people find information and send messages quickly and easily. At the same time, network security issues have become more prominent: by exploiting currently available system vulnerabilities, an attacker can intrude into most corporate internal networks to steal property and important information, or damage computers with malicious code. In view of these potential threats, many kinds of network security protection methods have been proposed to raise the security of information, and the intrusion detection system (IDS) is one of them. However, a single IDS can only detect attacks with known signatures and is powerless against attacks with unknown signatures. Moreover, as network speeds rise and attack methods multiply daily, the data an IDS must process also increases dramatically. When the amount of data exceeds the threshold of the system's processing capacity, the IDS works under high load and drops packets, which causes missed detections.

This thesis designs the Honeyd-Snort Intrusion Detection Model (HSIDM), taking the Honeyd low-interaction virtual honeypot system and the Snort intrusion detection system as its research objects. Analysis of Snort shows that it maintains a rule library and detects intrusions and attacks by rule matching, comparing the data against that library. The performance of the IDS therefore depends on how much time the pattern matching operation takes, which consumes about half of Snort's running time, so improving the pattern matching algorithm can effectively raise overall system performance. This thesis therefore improves the BMH algorithm by introducing a hash function into it, reducing pattern matching time and improving the efficiency of the IDS.

The honeypot system is combined with the IDS: after the data stream is filtered by Snort, the amount of network data decreases, so the data that flows on to Honeyd puts less pressure on it. Because Honeyd does not provide any services, any data flowing to Honeyd is suspect, and by analyzing that data the Honeyd honeypot system can learn the attacker's intent and methods of attack, so that the administrator can strengthen the protection of real hosts. Finally, the thesis designs an experiment on the efficiency of Snort and data control; the results indicate that the HSIDM designed in this thesis does enhance efficiency and security.
Keywords/Search Tags: virtual honeypot, intrusion detection, Honeyd, Snort, pattern matching
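
The abstract says a hash function is introduced into BMH (Boyer-Moore-Horspool) matching but does not describe the design, so the following is an added illustration of one common way to do it, not the thesis's algorithm and not Snort code. It assumes the shift table is indexed by a hash of the last two bytes of the window; `bmh_hash_count`, `h2` and the table size `HTAB` are hypothetical names and values.

```c
#include <stddef.h>
#include <string.h>

#define HTAB 4096  /* 12-bit hash space (assumed size) */

/* Hash of a 2-byte block; the form of the hash is an assumption. */
static unsigned h2(unsigned char a, unsigned char b) {
    return (((unsigned)a << 4) ^ b) & (HTAB - 1);
}

/* Count occurrences (overlaps included) of pat[0..m) in txt[0..n). */
size_t bmh_hash_count(const unsigned char *txt, size_t n,
                      const unsigned char *pat, size_t m) {
    size_t shift[HTAB];
    size_t hits = 0, i, end;
    unsigned last;

    if (m < 2 || m > n) {   /* 1-byte pattern: plain scan; else no match */
        for (i = 0; m == 1 && i < n; i++) hits += (txt[i] == pat[0]);
        return hits;
    }
    /* Default: block does not occur in the pattern, slide by m-1. */
    for (i = 0; i < HTAB; i++) shift[i] = m - 1;
    /* Blocks ending at i = 1..m-2. Colliding blocks keep the smaller
       shift, so a hash collision costs speed, never a missed match. */
    for (i = 1; i + 1 < m; i++) {
        unsigned h = h2(pat[i - 1], pat[i]);
        if (m - 1 - i < shift[h]) shift[h] = m - 1 - i;
    }
    last = h2(pat[m - 2], pat[m - 1]);

    for (end = m - 1; end < n; ) {
        unsigned h = h2(txt[end - 1], txt[end]);
        /* Cheap hash filter before the full byte comparison. */
        if (h == last && memcmp(txt + end - m + 1, pat, m) == 0) hits++;
        end += shift[h];    /* always >= 1: last block is not in the table */
    }
    return hits;
}
```

Compared with the one-byte bad-character table of plain BMH, a two-byte block is rarer in typical payloads, so the default shift of `m-1` is taken more often and fewer windows reach the full comparison.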