The Research And Realization Of Distributed Honeypot System Visual Configuration

Most security technologies are designed to prevent unauthorized activity to resources, and security tools are put into place as a defensive measure. Therefore there is some shortcoming in protecting network. Although honeypot is an active defense tool, it must be combined with the dynamic configuration, then it can improve the whole security of large scale of network. Configuration and management of the honeypot system has become the big problem. If the configuration and management are not incorrect, not only it doesn't perform well, but also may bring the additional network security risks.Based on analyzed the research situation of the networks trap in the world, and for the disadvantages of Honeypot configuration at the aspect of deployment shift and the transformation of topology, the architecture of the Distributed Honeypot System(DHS) and its visual configuration are discussed. Our work focuses on the following contents.1) Based on the study of the Honeypot configuration language, the visual configuration methods are put forward, which has considered many kinds of disposition situation in the DHS, and can enable the system migrate, deploy and change the network topology fast. The question of configuration file disposition complicated, operation complex and so on can be resolved better in the DHS.2) The auto generation algorithm of visual configuration file is presented, which can make the disposition deployment chart into configuration file automatically, and can be applied to the dispose of DHS configuration file flexibly, directly and quickly.3) Based on the DHS, the design and realization of Visual Configuration Sub-system(VCS) is presented, which can realize dynamic visual configuration of virtual equipments such as hosts, routers, hubs.4) The representative configuration files are chose to test and analyze the VCS. It can degrade the difficult of system managing, and can be deployed rapidly and dynamically under different network environment. It can improve the covert of honeypot, and can reduce the risk that the true hosts are attacked.Our work has been applied in the project of 'Distributed Network Monitoring and Warning System' (2003AA142010), which provides strong tool and measure for DHS to dispose and migrate quickly.