| With the continuous development of the network, network security has become the focus of people's attention. Distributed Denial of Service(DDoS)attack, based on the Denial of Service(DoS)attack, has become one of the major threats in network security, because it is easy to attack, difficult to be prevented and tracked.Honeypot is a security resource whose value lies in being probed, attacked, or compromised. Honeypot can mitigate attacks, can provide additional , valuable information for administrators at the same time, but honeypot itself doesn't change any information. Compared with traditional security model like intrusion detection, honeypot are more proactive, more interactive and has more learnability. However, honeypot is different from the other's defense system, because it can't control and prevent the attacks.In order to defend DDoS attacks effectively, this paper proposes a new model applying honeypot technology and intrusion detection technology to defend DDoS attacks together, after analyzing the principles and characteristics of DDoS attacks and summarizing the shortage of the existing model to defend DDoS attacks. The model uses a virtual honeypot system to lure the attacker and separate the traffic of attacks. The intrusion detection system in this model is used to detect and prevent known attacks. At the same time, intrusion detection system can capture unknown the traffic of attacks, collect and analyze the traffic of attacks together with honeypot system to defend DDoS attacks.This article describes the specific design and implementation of defense model in detail, including the specific design of the entire defense model, the implementation of the virtual honeypot system in this model, the implementation of internal honeypot system and intrusion detection system, the analysis and implementation of the key technologies, such as the security control of the servers, log alarm and so on. |
PDF Full Text Request