| Internet has been attacked by more and more intruders and worms, network security technologies like firewall and intrusion detection system can only respond to the intrusion passively. Intrusion deception and control technology is a new security technology which can detect, analyze and even control the intrusion actively. This paper analyzes different available intrusion deception and control technologies, combines several technologies like network deception technology, host deception technology and dynamic configure technology, and then provides a new intrusion deception and control model - HoneyGate, which takes the flexibility of virtual deception technology and the advancement of dynamic configure technology to improve the efficiency of intrusion deception. We design the whole architecture of this model, explicate chiefly packet capture module, network deception module, host deception module and dynamic configure module, and test the key implementation through experiment. WinPcap is used to implement the system level program. In network deception module, we use Binary Tree to construct the virtual routing. To increase the model's deception capability, we introduce the OS fingerprints simulating method to host deception module. And in the whole model, a new dynamic configure method which combine the active detection and passive detection technology is provided to adjust the model's configuration. Through the experiment, HoneyGate model has been proved that it can deceive the intruders effectively and protect the network's security.
|
PDF Full Text Request