
Research Of Network Security Based On Virtual Honeypot

Posted on: 2009-09-23
Degree: Master
Type: Thesis
Country: China
Candidate: W Zou
GTID: 2178360242490823
Subject: Computer technology

Abstract/Summary:
In recent years, with the development of Internet technology, more and more services are provided over the network. At the same time, attacks on websites and the emergence and spread of viruses have also increased, and they have become a major threat to network security. Popular network security technologies such as firewalls and intrusion detection systems are all passive defense measures based on already-known facts and attack patterns, so they are always designed after an attack has happened and function passively.

This thesis studies a new active network security technology: the honeypot. By using real or simulated networks or services to attract attacks, this technology can make up for the shortcoming of traditional network security technology, which cannot find and prevent unknown attacks. It is a network trap technology. Because assembling a large number of real honeypots may take too much time and cost a lot, the writer focuses on honeyd, a virtual honeypot framework that can simulate thousands of virtual honeypots on one computer. This thesis analyzes the logical structure of honeyd, especially its key technologies such as fingerprint matching and virtual honeypots.

In this thesis, a virtual trap system is designed that uses honeyd to simulate virtual honeypots and simulates network services by writing and using scripts. It simulates the network stacks of different operating systems and a dynamic network routing topology. It uses the firewall's iptables to supervise the system in order to prevent hackers from using it to attack other hosts after they intrude into the system. The system was tested in a campus LAN, which showed that it can successfully trap attackers and reduce the load on important computers on the network. Because honeypot logs are important yet have shortcomings, we design a new method to transfer backups of important system logs. The method uses a Linux log server together with modifications to honeyd's source code and Linux's syslog.

This thesis also analyzes and studies the biggest network security threat: worm viruses. Based on the SIR propagation model and the features of honeyd, the writer introduces a method to capture copies of the worm, divert its attacks, and recover infected hosts, thereby reducing the worm's damage to the LAN.
Keywords/Search Tags:security of network, honeypot, virtual honeypot, Honeyd