Design And Implementation Of Honeypot System Based On Snort

With the rapid development of Internet, the problem of network information security is becoming more and more serious, the computer crimes are doubling every year. How to ensure the network security has been focus of the computer science research. The available countermeasures are primarily based on known facts and known attack patterns and mainly are passive defence means. All these means seem too less able to handle complex and swiftly changing attach methods. How to make the network security defense system dynamic and to change measure actively but not passively is the new research task.Honeypot is a new concept in the field of network security. It allures attacker by some obvious security holes, at the same time, monitors the hacker's behavior and records all the information for further analysis. Intrusion detection technology is studied and a high interactive Honeypot system is designed and implemented in this dissertation. By using this Honeypot system, the unknown attacks can be captured, the security bug of system can be found, the attack methods and tools that the attackers used can be known better, and the intention and motivation of attackers can be guessed, then the security defence of real system can be enhanced by technology and management measure.The thesis introduces the theory and current domestic and international study state of Honeypot technology fully discusses several key technologies of Honeypot implementation, puts forwards thinking of data capturing and controlling functions in multiple layers. After deep analysis technological difficult point and defect existing mainly of the technology of the Honeypot, the thesis proposes to the technology expansion method of the existing Honeypot—combine the comprehensive solution of the safe practice of other information. And an improved high interactive Honeypot system is designed, which is integrated with IDS-Snort. Through function test and performance test of the Honeypot, the characters of this Honeypot system are as follows: big information gathering, reasonable information controlling. The Honeypot system that is designed and implemented in this dissertation has obvious advantages on the function of data control and data capture. Combined with other network security technologies, an effective network security defence system can be implemented successfully.