
Research And Implementation Of Linux Based Anti-Honeypot System

Posted on: 2007-02-08
Degree: Master
Type: Thesis
Country: China
Candidate: L Shang
GTID: 2178360185467951
Subject: Computer application technology

Abstract/Summary:
The Honeypot is a new network security technology that has emerged in recent years, based on the idea of deception in warfare. It is a resource that is intended to be attacked and compromised in order to gain more information about the attacker and their attack techniques. The emergence and rapid growth of Honeypot technology has also triggered the development of another new area of study: Anti-Honeypot technology, which focuses on the methods used to identify Honeypots. This paper discusses Anti-Honeypot technology.

After an in-depth study of the Linux operating system, Honeypot technology and current Anti-Honeypot technology, we propose an Anti-Honeypot principle and implementation approach that works at the system kernel level to detect high-involvement Honeypots. We also introduce, for the first time, our Linux-based Anti-Honeypot solution, which combines multiple detection techniques.

The loadable kernel module (LKM) is one of the key Anti-Honeypot technologies. It enables the Anti-Honeypot system to reach the core of the target system and identify the Honeypot at the kernel level. The detection subsystem is the most important part of the Anti-Honeypot system. It first identifies the Honeypot by examining system call functions, system files, system processes, system modules and system outbound interfaces, and then analyzes the recognition results of each module. From these it makes an overall evaluation and judgment of the target Honeypot, which greatly improves the accuracy of Honeypot recognition.

This article elaborates how to implement the Anti-Honeypot system, building on a discussion of the concept, classification and current state of research of Honeypot and Anti-Honeypot technology. The final part of the article details the functional modules, identification procedures, detection subsystem design, implementation and testing of the Linux-based Anti-Honeypot system.
Keywords/Search Tags:Honeypot, Anti-Honeypot, LKM, System Call, Process