The Research And Implementation Of Active Defending Worm System Based On Honeyfarm

With the wide application of Internet, it brings people more and more economybenefit, bears the weight of more social value. Now the attacks and crimes againstnetworks become more and more strong, so the computer network security is moreurgent and important in face of these stronger attacks. Because of the limitation ofTCP/IP protocol suit and operating system software in design and realization, theattackers have the chances to attack bugs in TCP/IP and software systems, and thesecritical situations bring challenges to network security research.Now with more and more large networks scale, their complexity and heterogeneityget increased, and the security events of network damaging are more and more frequent.Traditional passive defending schemes reveal invalidation, incomplete mechanism andlimited methods. In order to efficiently maintain the network security, we must activelyexplore the potential bugs in networks and research the new attack methods adopted byhackers.This paper analyzes the weakness of present security tools based on common attacktechniques, and puts forward the new security requirements. It emphases on Honeyfarminfrastructure based on dynamic trap generation technique using active defending andauto-extraction in the background to worm virus character codes using trap infrastracture.The paper's main research and work are:1. Explaining the threats to network security, researching the present status ofHoneypot technique and the the damages caused by worms and the worm defendingtechniques, analyzing the limitations of the present security tools and new defendingrequirements.2. Researching and giving out the Honeyfarm infrastracture based on dynamicHoneypot generation using active defending, analyzing all function modules, andimplementing the key techniques of dynamic Honeypot generation.3. Designing and implementing the worm virus catching and the auto-extraction in the background to worm virus character codes based on Honeypot, giving out the designthoughts of auto-extraction of worm character codes based on Honeypot in order to solvethe low efficiency problem; researching the structures and main algorithms of theprototype, implementing the worm character codes extraction using frequent stringspresent in the data packet payloads, at last, validating the design and analyzing the testresults.The attack methods are developing, and developing the security techniques is infinite.The technique of active defending system using Honeyfarm is the current trend ofanti-virus trap techniques and has a large development potential. Combining activedefending Honeyfarm system, firewall and intrusion detection system can build acomplete, dynamic, active defending infrastructure to improve the capability of variouscurrent security tools, conquer weakness, change the status of single-fighting, separationand low efficiency of the present security tools.