A Honeynet-Based Firewall Scheme With Initiative Security Strategies

With the rapid development of network technology, a variety of new attack methods to the network come out endlessly. Depending on the static feature data base, the traditional firewalls have more and more limitations to these attacks. Honeynet technology is a new merging technology in recent years, it is one kind of security resources, whose value lies in being scanned, attacked and compromised. By monitoring the activities of the intruders, we can analyze and study the technologies, tools and motives of them, and thus enhance our ability of safeguard our network. The initiative feature of honeynet properly overcomes the problem of firewall in face of the new attacks.A honeynet-based firewall scheme with initiative security strategies was proposed in this paper. The firewall and honeynet achieves data control, data capture together. Then the module of data capture transmits the logs of firewall and honeypots to the log server. Through analyzing the output result of honeynet with data mining technology, the data-analyzing module can discover new attack behaviors timely. The module of data analyzing divides these data into three clusters, which are invalid data, doubtful data and valid data, the doubtful data will be forwarded to the honeynet to be observed by the firewall. Then, according to these findings, the rule-learning module can dynamically create new defend rules and apply these rules to the firewall. By this way, the firewall keeps enriching its security strategies that greatly enhance its ability of defending new attacks.This paper gives a detail description and discussion of the new firewall scheme. Compared with joint-defense technology, the new firewall scheme has more advantages, responding more quickly and accurately to the unknown attacks and being more security of internal security.