| With rapid popularization of Internet, people pay more attention on the problem of computer network security. Network attacks not only challenge current network technologies, but also cause significant economic losses to users. Traditional network defense technologies have been increasingly unable to meet the needs of information security. Intrusion detection technology acts as a dynamic network technology of protecting network security, based on rule-matching methods to detect intrusion and attack, and especially has a good effect on attacks of known signatures. But there are also significant defects for traditional intrusion detection systems, for example, the false negative rate and false alarm rate of IDS are relatively high, and it has little methods to do with unknown attacks.As a new technology to protect network security, honeypot could not only detect unknown attacks, but also capture information that IDS can not do, making up for default of intrusion detection technology to a certain extent. This thesis introduces virtual machine technology into honeypot system. After comparing and analyzing typical applications of intrusion detection technology and honeypot technology, we propose a integrated solution by fusing them. Then this thesis carries out a detailed analysis and design on every modules of the solution. After that, we build a simulation environment to test data control and security features of the system and its feasibility in the real applications.By Validation, we could conclude that the intrusion detection system based on virtual honeypot fully meets the need of capturing information of intruders, providing comprehensive protection for user’s network. It could detect the intrusion of known attacking signatures, as well as capturing unknown attacks. In addition, it could resist DDoS attacks and zombie virus attacks to some extent. Therefore, this hybrid design has a certain value in practical application. |
PDF Full Text Request