The Virtual Honeynet Based Intrusion Detection System Analysis

Posted on: 2011-07-14
Degree: Master
Type: Thesis
Country: China
Candidate: J R Chong
GTID: 2198330338983893
Subject: Computer technology
Abstract/Summary:

With the widespread use of computers and networks, security problems in information networks are becoming increasingly serious. An Intrusion Detection System (IDS) is a kind of dynamic defense system; compared with traditional security techniques, it has the advantage of active defense. The four key points of a traditional IDS are: reducing the missed-alarm and false-alarm rates, collecting information, finding unknown intrusions, and ensuring the concealment of the IDS.

This paper analyzes the functions of a traditional IDS, discusses the core requirements (IDS concealment, data control, data collection, honeypot management, and data analysis), and proposes a virtual-honeynet-based IDS. The IDS uses a bridge and a side listener to make itself invisible to the attacker; uses a firewall, Snort, raw sockets and a tap to implement data control; uses Sebek and TcpDump to collect honeypot system logs and network data flows; uses VMware ESX Server to set up distributed virtual honeypots; and uses ETL functions to extract, transform and load log data, providing data analysis applications through a web service. Finally, an application instance deployed in an enterprise is used to verify the usability of this design.

The achievement and significance of the research is that the IDS supports distributed honeypot deployment across several network segments, improving the coverage of data collection, reducing the missed-alarm and false-alarm rates, and improving the manageability of honeypots.
Keywords/Search Tags: Intrusion Detection, virtual machine, honeypot, honeynet, distributed