Honeypot is a network security technology based on active defense. A honeypot is a network security resource, which can facilitate us to analyze and study the technology, tools and motive of intruders by monitoring their activities, and thus enhance our ability to safeguard the network.We adopt the cooperative technology of Honeypot and Intrusion Detection System, and deploy the cooperative system of Honeypot and Intrusion Detection System in LAN. In this system, Honeypots take charge of capturing attack behaviors, and Intrusion Detection System that is deployed before Honeypots prevents known intrusions from entering Honeypots, which can reduce the complexity of analyzing data. We put forward a method of analyzing data: first, extracting the basic and extend attributes of network packets by the method of protocol analyzing and statistics; second, dividing the data from Honeypot into several classes by using the unsupervised clustering, and labeling it; third, extracting rules from the labeled data by decision tree; at last, adding new attack rules to the IDS rule-lib. The purpose is that IDS can detect the new attacks. This system's effectiveness has been confirmed by experiment. |