| With the wide use of computer and network,the security problem in information network is becoming increasingly serious. Although facing the severe network security threaten, most of traditional network security technologies can only defend the attack with passive way, which means they can not get enough knowledge about the attackers and deal with endless unknown attacks. So, how to turn network security from passive defence into active defence, catch unknown attacks and get the knowledge about the action and motivation of attackers more efficiently has became a hotspot of current research on network security technology.Honeypot is a kind of active defence technologies. The intention of deploying honeypot is to attract the attackers to attack it, then the action data that the attackers left in honeypot system can be captured.The key technology of honeypot is studied and a high interactive honeypot system is designed and implemented in this dissertation. By using this honeypot system,the unknown attacks can be captured,the security bug of system can be found,the attack methods and tools that the attackers used can be known better,and the intention and motivation of attackers can be guessed,then the security defence of real system can be enhanced by technology and management measure. The work mainly includes:①Contrasting to traditional network security technologies,the situation and currently study status of honeypot technology is discussed,and the related principle of honeypot technology is analyzed and summarized.②Key technology of honeypot is researched from following aspects:network deceptive,data capture,data analyzation and data control. An improved high interactive honeypot system is designed.③On the basis of implementing data capturing and controlling functions, focus on the log analysis, port redirection, and feature extraction, proposed redirection techniques based on netfilter, by comparison, the Wu-Manber algorithm for feature extraction algorithm is better than BM.④Combination of firewalls and IDS, building the honeypot system under current conditions, through simulation experiments show that the system has reached the expected requirements of honeypot designed and implement successfully a high performance network security defense system. |
PDF Full Text Request