The Research And Improve Of Control Algorithm In Virtual Honeynet System

With the huge development of the computer and network technology, great changes have occurred in people's life, study and work. Computer and network technologies make the world more convenient, but bring in a huge security risk. Criminals use network security vulnerability to carry out sabotage activities, so protecting the network security become the responsibility of the whole society. When the traditional firewall technology was promoted extensively, meanwhile honey pot, intrusion detection and other new network security technology have experienced great development, and have got more and more attention. The virtual honey network with intrusion detection and honey pot etc. is gradually entering a new stage.Based on the above background, this paper does researches and analysis on the virtual honey network technology and does a detailed analysis against the shortcomings of the control mechanism. This paper proposes anomaly detection mechanism by using anomaly detection based on k-means clustering algorithm and improves the algorithm to solve the shortage of the classical algorithm. After describe the classical k-means clustering algorithm in details, this paper presents an improved algorithm for virtual honeynet. To optimize the structure of the data set and reduce isolated points impact of clustering, this paper departs isolated points from the data set. To get the appropriate number of clusters, this paper divides more clusters,then uses the boundary distance method to combine some clusters. To get the appropriate initial cluster centers, this paper divides the data set with sample distance method.Then this paper use the improved algorithm in the control mechanism of virtual honeynet system. Finally, this paper uses KDD Cup99 data set and data that collected in virtual honeynet and tests both the classical algorithm and improved algorithm, then proves that the improved algorithm leads the classical algorithm on both detection rate and false alarm rate. And the improved mechanism can find some attacks that original one cannot find.