This article is based on the project "Large-scale Intrusion Detection and Stratagem Pre-alerting Technology (No.2002AA142010)", which is sponsored by the National High Technique Research and Developing Scheme (863). Network Intrusion Deception is a initiative intrusion defence technology, which forges network computing envirenment with specified software and hardware, and deceives the intruders to record their information and intrusion technique. It helps to improve the system security and to fight back against the intrusion. The article firstly gives an overview of the contemporary Intrusion Detection Systm, and introduces the Network Intrusion Deception technology. Then, the article describes three classes of honeypots and the building of Trap Network in detail. User-Mode Linux is used to implement the Virtual Distributed Honeypot System. Finally, an algorithm was introduced to analyse the the user keystroke messages recoreded by the system, and we do some experiments to test our algorithm.
|