
Research And Implementation Of Honeynet Data Fusion And Correlation Analysis

Posted on: 2010-02-16
Degree: Master
Type: Thesis
Country: China
Candidate: W L Hu
Full Text: PDF
GTID: 2178360278966064
Subject: Computer application technology

Abstract/Summary:
With the arrival of the information era, the faster network and communication technology develops, the more vulnerabilities in networks and operating systems are exposed. The internet has become a paradise and hothouse for hackers and crackers, and all sorts of network security incidents frequently appear in newspapers and other media. Information security faces huge threats and challenges. It is therefore urgent for people to master the knowledge of network attack and defense in order to ensure a basic quality of security emergency response.

The core issue of research on network security is to establish a standard test environment that simulates real network traffic, user behavior and attack behavior. In the network attack and defense experimentation system, a honeynet is used as the target network of attack. A honeynet is an architecture that builds a highly controlled network in which all activities are under control and surveillance. The network is intrusion-tolerant and is used to analyze intrusion behavior. It can capture real network traffic, user behavior and attack behavior.

In this thesis, honeypot system theory is studied; subsequently, three types of trap network technology are introduced, with the emphasis on the honeynet, whose principle and key technologies are analyzed in terms of structure and function. Then the honeynet in the network attack and defense experimentation system is configured and implemented based on Gen III honeynet technology. Based on the comprehensive capture mechanism of the honeynet, the data analysis flow is designed from an analysis of penetration attacks and DDoS attacks; data analysis views are designed and developed to implement honeynet data fusion and correlation analysis. The data analysis views, which are based on the B/S (browser/server) mode, rebuild the attack topology and attack scenarios, provide a full range of information, and give users a clear awareness of network attack and defense.

Finally, the function test proves the feasibility of the work in this thesis.
Keywords/Search Tags: network attack and defence, honeypot, honeynet, data analysis view