Coordination-based Virtual Honeynet's Implementation And Analysis

With the continuous development of network technology, network intrusion methods and tools has become more diversified, the traditional static defense, passive defense is difficult to meet the current demand for network security. Honeynet-based technology, the active defense of the security system network security technology research has become the focus of attention.Honeynet technology, mainly by setting up a dedicated application systems to hackers, When the hackers attack, recorde the activities of hackers to find ways and means of hacking in order to identify potential threats. Virtual Honeynet is a kind of solution allowing us to run on a single machine to all the components. that is, on the same hardware platform to run multiple operating systems and a variety of network services a virtual network environment. Honeynet malpractices honeynet system in cooperation with the honey pot, IDS, firewall and other components together according to certain rules of interaction, so as to achieve the overall security Honeynet control.We discuss the honeypot and honeynet works and the specific implementation, explain the honeynet's operating way and the four core requirements in details, including honeynet works, honeynet data control, data capture, data collecation, data analysis, Meanwhile, on the Honeynet system, firewall, intrusion detection systems, honeypots study of the various components work together, based on the design and implementation of a Windows-based platform for collaborative virtual honey-based network systems. In this system, synergistic interaction honeypot and IDS rules to be invaded, when the IDS to detect intrusions after the timely notification of firewall, blocking hacking honeypot intrusion into records sent to the log server. System logs to analyze and extract the invasion of the rules, and then a new rule added to the IDS rule base, so that IDS can detect new intrusions. A series of experiments and tests have been developed in the campus network in Sanmenxia Secondary Specialized School, Henan Province. It achieves good effect. According to analyze the captured data, we discovered the characters of the hacker's attack, having a general understanding of the hacker group which provides a basis for the consolidation of network security.Finaly, the design of honeynet was summarized and the existed problems were found and improved in the paper. The study also show a trend and propects to the honeynet technology.