| Honeypot is one of the most important technologies for network security today. The idea of honeypot was derived from the camouflage and beguilement in military, which is a system for leading intrusion to a prearranged area to protect the real system, study the strategy and process of the intrusion.Honeypot can lure attackers and have them spend their time and resources attacking honeypot, protecting production resources from an attack. Honeypot can monitor, track and log all activities of intruders. Observing their activities, we can learn their tools, tactics, and motives, analyze the threats of systems, research solutions, and fix the systems before they attack the real machines. Therefore, honeypot serves an important role in the active defense of network security.Honeypot is an excellent Intrusion Detection System. Since honeypot has no routine activity, all connections to and from the honeypot are suspect by nature. So honeypots do not generate false negatives, and reduce false positives.Honeypot provides a good platform for computer forensic. Because the information the system collects is related to the attack activity, we can determine quickly the source of the attacker and the full process of the attack by analyzing the information. It also provides the evidence for prosecuting the attacker.This paper will discuss what a honeypot is, its history, its value, how it works and its deployment, outline the technologies of a honeypot system and some honeypot solutions. It also describes two implementations of honeypot: a low involvement honeypot and a high involvement honeypot: Myhoney, and take an intrusion investigating and forensic analysis. Finally this paper gives a new conception of merged honeypot, constructs a model of distribution-based intrusion caputuring system, provides the design of system architecture and functional structure, and describes how it works. |
PDF Full Text Request