
Research And Implementation Of Active Defense System Based On Dynamic Tracing

Posted on: 2009-05-02
Degree: Master
Type: Thesis
Country: China
Candidate: Z P Xue
GTID: 2178360242477080
Subject: Communication and Information System

Abstract/Summary:
With the development of the Internet, hundreds of thousands of people use the network, and more and more of them transmit information over the Internet at work and in daily life. Network security is therefore very important. Attacks are becoming more frequent and users suffer more from them. Traditional network defense technologies, such as firewalls and intrusion detection systems, are unable to cope with these frequent attacks. Furthermore, traditional network defense technologies are passive: the actions of an attacker can only be detected after the attack, which puts the defender at a disadvantage. In this paper, network security technologies are analyzed and an active defense system based on dynamic tracing is researched and implemented.

Starting from the research background, the paper introduces network security technologies, including the usual attack methods and the traditional passive defense methods. Several flaws of passive defense are pointed out and active defense is introduced. The advantages of active defense and the principles of the intrusion prevention system, honeypot, honeynet and honeyfarm are then studied in depth.

A new kind of active defense system is then proposed that defends the network using dynamic tracing, a new technology in network security. Dynamic tracing can trace the actions of the kernel and can be used to obtain thorough information about the system. The application of dynamic tracing is also introduced: file watching, process tracing and keystroke recording are implemented.

After that, based on an analysis of the P2DR adaptive network security model, the FSM active defense system model and the DTrace host security model, the design objectives and architecture of the active defense system based on dynamic tracing are proposed, and several key modules are specified. The active defense system, which includes a honeypot, a honeynet and an intrusion prevention system, can detect not only known attacks but also unknown attacks, so it improves on the traditional honeynet and honeypot.

Finally, the active defense system is implemented with existing software and hardware, especially the key modules: honeywall, honeypot, DTrace security watching system, network intrusion prevention system, system log, replay and redirection. Some testing is done on the main functions.

This paper has theoretical and practical value for network security. It also serves as a reference for the development of active defense systems at the kernel level.
Keywords/Search Tags:Active Defense, Dynamic Tracing, Honeynet, Intrusion Prevention System, Network Security