Reseach On Warning System Base On Honeynet Technology

Along with the computer network technology developments, the network security becomes the most concerned issue. In nowadays, detecting the intrusion is becoming more and more difficult as the intrusion method of intruders changed with each passing day. Many organizations use firewall, IDS ,virus defend system that are not enough to protect the network security . Its important to take action before intrusion happens to the protected network by warning technology. We can use the technology to hold the conversion between attacking and defensive mechanisms in information network, protect the rights and interests of our country in information space and also take prepare to the information war which shall happen in the future.The paper is one of the pilot item on national level which have many achievements----Information Security Class Protect pilot item.(NO. 200402008).The paper shows research and practice on warning system base on honeynet technology. Honeynet itself is a security resource that can be scaned, attacked and captured. The paper introduce the background of network security warning and honeynet research at first, followed by the brief introduction to the background knowledge, including the current study status inland and overseas, and introduced some elementary knowledge which will be refered to in the article, and then designed a new warning model bese on ARIMA model. We designed and tested the system particular and the result shows that the system can capture attack information well and warn ahead. then summarized the main barrier in the study of this system, and pointed out the development tendency for further study.Honeynet machines are designed to mimic systems in order to mislead intruders from breaking into the real system. By luring the intruder to a Honeynet machine an administrator can monitor the activity of the trespasser. The administrator can then learn about the vulnerabilities of the current system and redesign it to be more secure. But in order to do so the administrator must properly build the Honeynet machine is such a way that the Honeynet machine fools the attacker in believing that it's the real system so that he/she can effectively log information about the attackers'behavior.As a new security technology of network, honeynet extends existing security system of network by put forward idea of initiative defence which is becoming the inevitable direction of network security technology. Omnidirectional coordinated defence with...