The Design And Research On The Linkage Of Honeynet

Honeypot technology is a new merging technology in recent years, it is one kind of security resources, whose value lies in being scanned, attacked and compromised. Honeynet is a sort of the fraudulent network which developed on the basis of the Honeypot technology. As a network system, honeynet generally consists of firewall, intrusion detection system (IDS), one or more honeypot machines, but it can also be constructed on a physical host by virtual machine softwares. So far it had already experienced from the first generation of honeynet technology, second generation of honeynet technology to the third generation honeynet's development process on the honeypot technology, even presented the large-scale Honey Farm technology. But the Honeynet is one kind of new technology, also has the limitations as other new technologies.The Honeynet system has the disadvantage of infirmness linkage between honeypot, firewall and IDS, which does not have self-learning capability to the intrusion rules .This thesis has designed a sort of new honeynet system architecture in view of the problem, this architecture added the data analysis module, and it also enables the deployment honeynet's function to obtain the full display. This thesis has successfully deployed a honeynet system, which meets apart from the data control, the data capture, the data analysis demand. And also the data analysis module is realized with the data mining technology, Specifically using the classical non-surveillance cluster algorithm of K-MEANS to carry on the mark classification specifically to the data, also using the sorting algorithm of C4.5 to pick up intrusion rule of the data which is already marked. And it will keep the intrusion rule into IDS rule sets, thus realizes the honeynet's linkage and the training ability in the true sense. At the same time, when realizing the honeynet system specifically, The system has designed the different storage pattern on the base fully considering the log information's security and reliability, and using bridge's thought to strengthen security of the network management module.