
The Research Of The Honeynet Host Intrusion Detection System Based On Linkage Mechanism

Posted on: 2014-01-28
Degree: Master
Type: Thesis
Country: China
Candidate: D T Liu
GTID: 2248330398471941
Subject: Information security
Abstract/Summary:
With the development of science and technology, use of the Internet has become more and more widespread. Organizations in politics, the economy, the military, education and other fields increasingly carry out their work and business on this virtual platform. The convenience of computer networks and the huge volume of information and resources they offer have made people more and more reliant on the virtual information world. As the demand for network security grows, the potential risks become more and more obvious. Threats to network security and criminal cases occur repeatedly and have caused heavy losses to enterprises and individuals, so people are paying much more attention to information security solutions. As network attack methods and tools grow more diverse and complex, security researchers need to take appropriate measures to defend against attacks and to keep the sensitive information of enterprises, individuals and governments from being destroyed, so as to ensure the security of computer networks.

Traditional network security protection systems, such as antivirus software and firewalls, are widely used, but these traditional defenses respond only passively to attacking behavior. It is necessary to predict and prevent unknown attacks. Because new attacks often cannot be identified correctly, many information security problems remain. Based on the theory of active defense, intrusion detection technology captures suspicious data, records the attack process, analyzes the detected behavior, and generates alerts for security management personnel, so as to maintain the normal operation of the network.

This paper designs and implements a host-based intrusion detection system in a honeynet environment, and deploys a firewall linked with it to defend against attacks.
The honeynet, the host intrusion detection system and the firewall are joined by a linkage mechanism; combining the advantages of all three makes the defense system safer and more reliable. The honeynet sets up the network environment, providing real and virtual hosts and services to attract attackers effectively. As the safety barrier of the system, the firewall improves the security of the whole system and makes the system more realistic, while at the same time preventing threats from aggressive behavior, ensuring the stability of the system, and stopping intrusion by attackers. The host intrusion detection system is the core of the system. It is deployed on the real hosts to capture intrusions, analyze suspicious data, and generate alerts for what it detects, while working with the firewall to ensure the safety of the honeynet system.

There are two main aspects of the research: the host-based intrusion detection part and the linkage mechanism with the firewall. Although intrusion detection technology has undergone more than 20 years of development, certain problems remain, such as high false positive and false negative rates, heavy redundancy of alerts, and a lack of intelligent analysis. These are obstacles for all intrusion detection technology. This paper proposes an algorithm based on hierarchical coordination DFA to detect host activities, including processes, files, users and network flow. The linkage center configures new rules to defend against the attack according to the alerts sent by the HIDS, and sends these new files to the firewall and the honeynet so that they are deployed in the network in time. In this way, the system can work well and detect more and more attacks.
Keywords/Search Tags: HIDS, firewall, honeynet, DFA