| Currently, with the development of communications and computertechnology, the computer network has become an important mean of informationexchange in people common live. As a result, a number of network andinformation security problem has affected the vital interests of the individual andthe company. What’s more, when it comes to the increasingly serious securitythreats, it is found that there are some potential problems and threats in thenetwork, which is a core point to reduce the loses. However, the traditionalpassive defense network security technology can not be achieved obviously.Eventually, honey-pot technology makes up for this gap as well as changes frompassive defense to active defense.Honeypot is a kind of system resources, it does not have any product value,the value of it is probed and illegal use. What’s more important, the goal of usehoneypot technology is to attract attackers. When the attacker is tricked into ahoneypot, the honeypot will monitor and analyse the behavior of attacker.Acttually, the behavior mainly comprise detecting, attacking the invasion etc.Eventually, according to the collected data of the invaders, the author sums up themeans and intention of the attacker.However, it is expensive and complex to deploy as well as manage honeypotcurrently, particularly in large organizations network. Consequently, this articleclosely revolves around to study the advantages and disadvantages of all kinds ofhoneypot. As the same time, honeypot system focus on improve the extensibilityand flexibility, raising a new mix structure of honeypot. What’s more, the mixhoneypot structure uses not only the advantages of high interaction honeypot,butthe advantages of low interaction automatic filtering and saving resources.According to their goal, it reduces the size of the data collection, allowingresearchers dynamically assigned to collect that type of attack.The most important two module in mix honeypot is the decision enginemodule and redirect data module, at the first step, decision engine can solve the problem of data filtering, and redirect module solves the data redirecting.Followed by data decoy module, it implement a large number of data collection,achieve the low interaction honeypot honeyd’s extensibility. The honetybridfirewall mixs low interaction honeypot, intrusion detection systems and the highinteraction. As a result, they capture suspicious traffic in common. All in all,according to the intrusion detection system, low interaction honeypot log dataand high interaction honeypot to obtain the attack’s feature. |
PDF Full Text Request