| With the wide use of computer and network, the security problem in information network is becoming increasingly serious. Although facing the severe network security threaten, most of traditional network security technologies can only defend the attack with passive way, which means they can not get enough knowledge about the attackers and deal with endless unknown attacks. So, how to turn network security from passive defence into active defence, catch unknown attacks and get the knowledge about the action and motivation of attackers more efficiently has became a hotspot of current research on network security technology.Honeypot is a kind of active defence technologies. The intention of deploying honeypot is to attract the attackers to attack it, then the action data that the attackers left in honeypot system can be captured. The key technology of honeypot is studied and a high interactive honeypot system is designed and implemented in this dissertation. By using this honeypot system, the unknown attacks can be captured, the security bug of system can be found, the attack methods and tools that the attackers used can be known better, and the intention and motivation of attackers can be guessed, then the security defence of real system can be enhanced by technology and management measure.The work mainly includes:①Contrasting to traditional network security technologies, the situation and currently study status of honeypot technology is discussed, and the related principle of honeypot technology is analyzed and summarized.②Key technology of honeypot is researched from following aspects: network deceptive, data capture, data analyse and data control. The idea of capturing and controlling data of multiple layers is proposed.③An improved high interactive honeypot system is designed, which is integrated with exist tools and technologies and implements data capturing and controlling functions in multiple layers effectively. The characters of this honeypot system are as follows: big information gathering redundancy degree, reasonable information controlling. The deployment of network bridge which makes attackers not easy to make sense that they are under monitoring . So this system can capture more data than former honeypot. The honeypot system that is designed and implemented in this dissertation has obvious advantages on the function of data control and data capture. Combined with other network security technologies, an effective network security defence system can be implemented successfully. |
PDF Full Text Request