| Traditional security techniques were always focused on the reinforcement and protection in system self. If protect anytime and anywhere, we must tie up great system resources. The only method to not only avoid this unaccepted spending but also keep protecting is to go actively. Intrusion decoy system is a kind of system, which can observe hackers' intrusion actions. It is a new field, and it is important to advance network's security. Consequently Intrusion Deception as a new kind of Dynamic Defensive Technology, is gradually becoming a focus of the network security technology. But to Deception Hosts, if attacker does not attack Deception Hosts, it will not obtain the attacker's information. The key problem is how to direct the intrusion from normal host to deception host.First, based on the research of the newest literatures, plans and theoretics of Intrusion Deception technology, this thesis points out that we must design and realize the Environment Switch technology which have the character of dynamic to solve the key problem. Then, by analyzing the technology of redirect such as NetBait, Bait-Switch etc, and process migration etc, this thesis brings up a new clue of Intrusion Deception System with Environment Switch technology, and takes User Environment on an switch object, this thesis designs and realizes the Environment Switch Subsystem based on the TCP layer. Consequently, this system can switch suspicious users from Real Host to Deception Host by Environment Switch Subsystem actively. The major work and achievements includes:First.research and analysis have been done Based on the summarizing and analyzing the system architecture, functions and characteristics of the existing Intrusion Deception System. The successful experiences have been summarized and shortcomings pointed out, based on which the new Intrusion Deception System prototype with Environment Switch technology has been brought up, And according to the prototype, the thesis design Environment Switch Subsystem based on the TCP layer.Second, by reading the Linux resource, deeply analyzing the Socket Communication process and process management in Linux System, we provide the definition of the state information which the subsystem needs to migrate.Third, according to the features of Linux kernel, put forward the methods of various state information's retrieving, migrating and recovering in user environment switch and user connection switch technologies. By means of modifying Linux kernel and adding kernel module, we implement the Environment Switch Subsystem based on the TCP layer.At last, thesis points out the further research direction, which is the switch technology of telnet etc application layer network services. |
PDF Full Text Request