| Honeypot, developed in recent years, is an active security technology. It set up a special application system to be attacked by hackers, in order to record the activities of hackers. So security manager can learn the ways and means of attacks, and detect potential threats in application system.Firstly, this paper provides the overview of applications and shortcomings of current network security technology. And the paper researches the status of honeynet, the key technologies adopted in honeynet and the types of honeypot. Then the paper brings forward a model of honeynet. The main purpose of the model is to study intrusion. We designed and realized the fundamental functions including data control, data capture and analysis, and so on.This framework combines several advantages of data collection mechanisms on network and in host. It not only captures packets sent by intruders, records the information of attacker's keystroke on honeypot and files accessed, but also backup the data captured to remote server to safely store up. We analyze the data captured by honeypot. According to attack tree, we restructure attacked process and learn potential threat in application system. We research the information of attackers, and extract intrusion signatures. The signature extracted may extend the signature base of Intrusion Detection System, in order to improve its capabilities, which detects network intrusion. It turns passive defense system into an active-responding defense system. |
PDF Full Text Request