Research And Analysis Of Honeypots

With the rapid development of Internet, the problem of network information security is becoming more and maore serious, the computer crimes are doubling every year. How to ensure the network security has been focus of the computer science research.The available countermeasures are primarily based on known facts and known attack patterns and mainly are passsive defence means. All these means seem too less able to handle complex and swiftly changing attach methods. How to make the network security defense system dynamic and to change measure actively but not passively are the new research task.The paper put forward the new active security system: Honeypots. The honeypots is a strictly monitored network decoys, it can distract adversaries from valuable machines on a network, can provide early warning about new attack and exploitation trends, and allow in-depth examination of attacker's action and proseccs during exploitation of a honeypot.The thesis discusses the theory, structure, characteristic, design and implementation of Honeypots in detail. Constructing a virtual Honeypots demonstrate the honeypots's functions. The thesis consists of four parts.The first, this thesis introduce the origins, development, the definition and categories of Honeypots. And value of security, special advantage and weakness of Honeypots are discussed. The comparison of available Honeypots is presented also.The second, And correlative concepts and ideas are analyzed completely, including lacation, operating system selection, information gathering, risk and trend of development. The concept of Honeynet and Virtual Honeynet are discussed.The third, one virtual Honeypots is constructed used honeyd together with snort to validate the concept and implementation of Honeypots.Finally, the all-sided testing of this virtual Honeypots's function is done.According to the conclusion of this thesis, we can claim that honeypots can puzzle adversaries, devert an attack from their real targets, exhaust attacker resources, discover vulnerabilities and new attacking methodes. Worked with IDS and FireWall, the computer network security will be enhanced effectively.