Research And Implement Of Campus Network Intrusion Deception System

Posted on: 2010-12-21
Degree: Master
Type: Thesis
Country: China
Candidate: H Ping
Full Text: PDF
GTID: 2178360278973340
Subject: Electronics and Communications Engineering

Abstract/Summary:
Because of its openness, the Internet is developing rapidly, and as network-based economic activity grows, security issues have become more important. Traditionally, the firewall is the first line of defense and the measure most often used in network security. A carefully configured firewall can usually provide protection between the internal and external networks and, to some extent, reduce network security risks. But using a firewall only at the network entrance is not enough: an intruder may bypass the firewall through loopholes, and the firewall cannot prevent internal attacks. At the same time, as today's network environment becomes increasingly complex and network administrators' workload increases, negligence may inadvertently leave behind a major security risk.

Network defence must therefore be deep and use varied means. Network Intrusion Deception, as a new offensive and defensive technology, fully embodies the idea of proactive defence. It adds an efficient tool for network security by moving protection from static to dynamic and from passive to active, so that the passive, beaten position of network security can be reversed. In recent years, Intrusion Deception technology has gradually become a new hot spot in the network security domain; it is drawing more and more attention and playing an important role in a variety of environments.

First, based on research into the newest literature, plans and theory of Intrusion Deception technology, this thesis points out that Environment Switch technology, which is dynamic in character, must be designed and realized to solve the key problem.

Then, by analyzing redirection technologies such as NetBait and Bait-Switch, as well as process migration, this thesis proposes a new approach: an Intrusion Deception System with Environment Switch technology. Taking the User Environment as the switch object, the thesis designs and realizes an Environment Switch Subsystem based on the TCP layer. With this subsystem, the system can actively switch suspicious users from the Real Host to the Deception Host.

The major work and achievements include:

First, the system architecture, functions and characteristics of existing Intrusion Deception Systems are summarized and analyzed. Their successful experiences are summarized and their shortcomings pointed out. On that basis, a new Intrusion Deception System prototype with Environment Switch technology is proposed, and, according to the prototype, the thesis designs the Environment Switch Subsystem based on the TCP layer.

Second, by reading the Linux source and deeply analyzing the socket communication process and process management in the Linux system, the thesis defines the state information that the subsystem needs to migrate.

Third, according to the features of the Linux kernel, the thesis puts forward methods for retrieving, migrating and recovering the various kinds of state information in the user environment switch and user connection switch technologies. By modifying the Linux kernel and adding a kernel module, the Environment Switch Subsystem based on the TCP layer is implemented.

Finally, the thesis points out the direction for further research: switch technology for application-layer network services such as telnet.
Keywords/Search Tags:Dynamic Defensive, Intrusion Deception, Environment Switch, User Environment, User Connection