The Honeypot Technology Based Network Security Warning System

Posted on: 2014-01-01 | Degree: Master | Type: Thesis
Country: China | Candidate: T Y Ma | Full Text: PDF
GTID: 2248330398459813 | Subject: Information security
Abstract/Summary:
With the increasing popularity of the Internet, keeping the electronic world healthy is more and more important. In real networks we face all kinds of threats that cannot be anticipated, and it is becoming more and more difficult to maintain the normal operation of network systems on the basis of network security. Therefore, establishing a Network Security Warning System is very important and urgent. A honeypot is a closely monitored computer resource whose function is to be probed, attacked or captured. The core of this thesis is how to make wide use of honeypots in the Network Security Warning System. The Network Security Warning System designed in this paper is based on honeypot technology: it can attract network attacks, discover attack behavior, collect the manner and process of network attacks for further study, capture malicious code, and provide early warning for the network so as to protect the whole network from attacks. It can also track a botnet and prevent it from spreading.

Firstly, we introduce the definition, classification and function of honeypots. Our system mainly depends on three honeypot software packages, Honeyd, Dionaea and Honeywall; we introduce their structure, functions, characteristics, installation and configuration in detail.

Secondly, using the features of honeypots, we design a network topology to form a system platform. High-interaction honeypots can achieve a deep level of interactivity, but they should not be deployed on a large scale; low-interaction honeypots can be easily deployed, but their level and depth of interaction is not as good as that of high-interaction honeypots. High-interaction honeypots, which can respond to zero-day attacks, grasp the manner and process of a network attack more clearly, while low-interaction honeypots, which are convenient to maintain and easy to deploy, can easily capture independently propagating malicious code. Therefore, the network security warning system designed in this paper is composed of both high-interaction and low-interaction honeypots, so that each type of honeypot is put to its use and the basic functions of the system platform are achieved perfectly.

Thirdly, our warning system is composed of high-interaction honeypots, low-interaction honeypots and a console, so their relevant configuration is introduced in detail, and the entire configuration process and parameter settings are demonstrated. To meet the functional requirements of our warning system and improve the capture function of Honeyd, this paper compiles service scripts for Honeyd, rewrites the statistical script for Dionaea, and designs a packet capture program based on WinPcap. The program can capture the data coming from Honeyd, analyze the captured data and write it to a specified file. Moreover, we test our warning system in the laboratory network. In this paper we obtain a lot of associated information, such as malicious IP addresses, services and the times of high attack activity. According to this early warning information, we can adjust the gateway settings or use a risk-averse strategy to ensure the safety of the working area. We use Ether to call the API functions of the malicious code captured by Dionaea. To summarize the behaviors of the malicious code, this paper compiles statistics on these API functions. This work helps us to understand the malicious behaviors profoundly and to grasp the laws of attack, and provides much useful help for early warning.

Finally, through testing, we verify the functions of the warning platform and illustrate the direction of improvement for the honeypot-based Network Security Warning System.
Keywords/Search Tags:Network Warning System, virtual honeypot, honeynet, honeywall