| Based on the active offense theory, honeypot is a newly arisen technology which is valued by the realm in computer network security increasingly. Honeypot primarily lures the attackers by using a seemly vulnerable but well arranged and observed environment to tolerance invasions so that we can study their behavior informations,especially that of new unknown attacks. According to the enemy intelligence obtained, security organizations can better know dangers that their systems are facing currently, and know how to prevent the dangers occurring. Different to the simple honeypot built on a single machine, honeynet as a more advanced honeypot technology can make more network attack information into the open. This network is made up of firewall, router, IDS, one or more honeypot machines, and can also be realized in the form of virtual software. Compared with the simple honeypot form, honeynet is more complexed to be realized and managed. However, by using of its two key technology-data control and data capture, it can not only tolerance invasion easily but also insure the security performance of the trap system itself. Firstly, basic knowledges about honeypot and honeynet are elaborated in the paper,and some contents and productions on this field researched by domestic and foreign organizations are analyzed,too.Secondly, according to the characteristics of research honeynet, the key technologies such as data control, data capture, virtual honeynet, network attack deception and remote logs, are researched and developed further in the paper. Moreover, the antetype of a kind of research honeynet system named HoneySea is brought forward and the network attack deception technology is introduced in detail. Thirdly, functions and performances of the HoneySea system are tested, and the results express that this system has realized all requested targets of the project. Finally, some advices on how to improve the existing system are put forward. |
PDF Full Text Request