Research On Intrusion Detection Technology Based On Honeypot

With the development and widely application of computer network, networksecurity technology has become very important to computer science. In many kinds ofnetwork security technology, the intrusion detection system (IDS) depends on quickdetection method and becomes an enhanced complement of firewall technology. Theavailable detection is primarily based on known facts and known attack patterns andmainly is through passive defense means. All these means seem not capable of handlingcomplex and swiftly changing attach methods.This paper suggests a new intrusion detection system based on honeypot technology.Honeypot allures attacker by some obvious security vulnerability, at the same time,monitors the hacker's behavior and sends attack information to intrusion detectionsystem. Intrusion detection system analyses attack information and extracts character ofattack, so in next attack it will recognize unknown attack. The main tasks are listed asfollowing:1. With the idea of combining honeypot technology and intrusion detectiontechnology, intrusion detection system is enhanced to accurately detect unknownattacks.2. The attack characteristics inspection method based on the conversation to isproposed to improve the accuracy of detection.3. Hook callback mechanism will be put forward for honeypot system ideas and it canprovide more detailed attack log.4. Introducing independent log console design, strengthen the protection of attacks logintensity.5. The introduction of scalable XML encryption communication protocols to ensurethat the intrusion detection system and the honeypot system security communications.The results of experiment indicate that the proposal of this paper can solve theproblem that intrusion detection system can't detect an unknown attack.Further research will focus on the linkage of intrusion detection system and othersecurity technology. Intrusion detection system has its inherent faults and can'tovercome by itself. Further research will depend on other security technology toenhance detection method and construct stronger defense architecture.