The Research On Honeynet-based Network Security Defense Technique

With the rapid development of the information technology, people’s ability toaccess to information and manipulate information, has been greatly improved. At thesame time, more serious security problems also have been produced. In view of this,we propose a honeynet-based network security defense technology. The technology isa five-layer defense system with multi-level, open, targeted and the overall linkagecharacteristics.This thesis systematically analyses and studies the collaboration in the varioussecurity technologies, in the base of reading a lot of references published home andabroad. The traditional security techniques use static protection methods, mostlydepends on the knowledge of the existing attack, emphasis on passive defense,powerless to face the unknown intrusions, and honeynet is easily compromised and soon. To solve these problems, collaboration between traditional network security andthe honeynet technology was studied. The result shows that linkage between them isnecessary. According to closed-loop theory, the honeynet-based defense networksecurity model and architecture has been given, a formal analysis of the model hasbeen made, their linkage mechanism has been achieved, and the deployment of themodel has been given. Finally, a preliminary simulation experiment of the model wasmade, and the results show that the effectiveness of its linkage is good. This laid asolid foundation for the follow-up research. In order to improve its overall defensecapability, the research and implementation of the key modules of the model--dataanalysis module, is conducted. First of all, because the formats of the data captured inthe honeynet are variety, to facilitate the data processing, a unified data format is theneed, to avoid large numbers covering the fractional, the centralized and standardizedalso is needed, then improved unsupervised clustering algorithm used to classify data,according to the characteristics of the honeynet, and then using a simple markupprocessing and feature extraction. The experiments were carried out usingKDDCPU1999data set. The results show that the method has achieved good results.Finally, the design of the defense technology in the paper, were assessed from aseries of indicators. And then a summary of the work has been made and the prospectof the next step is given.