Study Of Alert Log Feedback Mechanism-Based High-Interaction Honeypot

Posted on: 2012-05-11
Degree: Master
Type: Thesis
Country: China
Candidate: X Yan
Full Text: PDF
GTID: 2178330332969574
Subject: Information security
Abstract/Summary:
With the development of network applications and the advance of hacker technology, an active network defense technology called the honeynet has emerged. A high-interaction honeypot is a honeypot system deployed on real hosts, operating systems, and network services. Using high-interaction honeypots in a honeynet system makes it more likely to attract attackers' intrusions. We use data control, data capture, and data analysis to identify the attacker's behavior and the tools used, in order to improve the security of the real business system.

By studying the technology of current honeynet systems, we derive a high-interaction honeypot based on an alert log feedback mechanism. We analyze its feasibility from a technical angle, and we study the high-interaction honeypot model, the intrusion detection model, and the model of log analysis and feedback.

We carry out a detailed system architecture design, module design, and internal and external interface design for the high-interaction honeypot system. In the high-interaction honeypot deployment part, we abstract a model that is suitable for deploying any high-interaction service honeypot; it can simulate a large number of virtual honeypots and provide real services through a real server. In the intrusion detection part, we study how to use network intrusion detection and host intrusion detection technology in a honeynet system, and in particular we design and implement a host monitor program for both Windows and Linux operating systems. In the log analysis part, we combine time association and path association to analyze the alert logs sent by the intrusion detection module. We use the log feedback mechanism to update and improve the deployment of the high-interaction honeypots, the intrusion detection module, and so on.

Through experiments and tests, we find that the log feedback mechanism, which updates each module in the honeynet system, helps improve system performance and efficiency.
Keywords/Search Tags: high-interaction honeypot, log feedback, log analysis, intrusion detection