| In this article the infrastructure and implement of a honeypot system is discussed. Information security defense mechanism is changed from passivity to initiative as the information times going, so honeypot technology is more and more regarded as an effective way to anti-attack. A honeypot should be a strict controlled system (it can be a real deploying network or a virtual system) and detect the action of attacker. When the attack action is taken place, honeypot should redirect it to a deception environment, monitor and log it for later analysis. We can know something about the level, goal, tools, strategy of the attacker, and collect the proof of their action. It can be concluded in 5 aspect of this article.l.Reserch in basic principle and infrastructure of honeypot. The writer discusses the system structure; include involvement level, data gathering method, operation system selection and assistant components etc.2. the requirement and outline design of the honeypot system. Through the analysis and conclude the attack pattern, three main goals is put forward by writer and the function of the product is depicted and analyzed, so as the characteristic of the user and restriction conditions.3. Implement all parts of the honeypot system. The implementation of all function is lain out in this thesis. First is the virtual of the operation system and networks. Then the correlative component - firewall and IDS is'configured as a essential-measure. The most important way is that the attack packet is collected to analyses and log through the packet capture mechanism. In the last the process-hidden technology is carried into execution to strengthen the system.4. the function test and performance test of the honeypot system. At last of this article, we will summarize our research work, anddiscuss those potential research topics in future. |
PDF Full Text Request