Since the concept of the computer virus appeared in 1983, network security incidents have occurred frequently. Network technology brings people convenience, but it also brings threats and damage. As a result, network security has gradually attracted attention. However, people have paid more attention to outsider threats and ignored insider threats, which are another important part of network security. "The 2010/2011 CSI Computer Crime and Security Survey", issued by CSI and the FBI, pointed out that since 2007 the number of insider threats has exceeded the number of attacks from outsider threats. Moreover, the damage caused by insider threats is more serious than that caused by outsider threats, and so is the economic loss [1]. At present, research focuses on insider threat detection models, in order to detect insider threats effectively.

Because the false positives and false negatives of existing insider threat detection models are high, and attack types are becoming more complicated and changeable, this thesis proposes an insider threat detection model with self-learning ability. We hope that this model will help detect insider threats in a timely manner, resist insider attacks effectively, and greatly reduce the harm they cause. We also hope that it will help companies, organizations, and even countries protect their important information assets.

Drawing on a number of research results on insider threat detection models, we design and implement the insider threat detection model proposed in this thesis, in combination with honeypot technology. The thesis mainly contains the following content.

It points out the significance of research on insider threat detection models by introducing the harm of insider threats. By analyzing domestic and foreign research on insider threat detection models, it identifies the advantages and disadvantages of existing detection models. By introducing and studying the concept of insiders, the concept and classification of insider threats, and honeypot technology, it establishes that the insider threat detection model is based on honeypot technology.

Through the study of classical insider threat detection models, this thesis determines the principle of the proposed model. The model extracts sample data packets from malicious insider traffic and builds a signature database from the signatures generated by the algorithm. It then extracts signatures from real insider data packets and calculates the similarity between the signature of the real-time packet and that of the attack packets. Through this procedure, the model can identify malicious packets. For unknown packets that cannot be identified in time, the model uses honeypot technology to determine their legitimacy. Using the honeypot, the model can obtain the signatures of new types of attack, and it adds these new attack signatures to the signature database.

Guided by software engineering principles, this thesis designs and implements the insider threat detection model based on honeypot technology. After a series of functional tests, the results show that the detection model has a good detection effect on insider threats.
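
The detect, honeypot and learn loop described above, as an added Python sketch that is not the thesis's implementation. The abstract does not name the signature algorithm or the similarity measure, so byte 3-grams, the Jaccard index, the 0.6 threshold, the `honeypot_verdict` callback and all sample payloads are assumptions constructed for illustration.

```python
# Added illustration, not the thesis's code. Assumptions: signatures are sets of
# byte 3-grams, similarity is the Jaccard index, and the threshold is 0.6.

def signature(payload: bytes, n: int = 3) -> frozenset:
    """Assumed signature form: the set of byte n-grams in the payload."""
    return frozenset(payload[i:i + n] for i in range(len(payload) - n + 1))

def similarity(a: frozenset, b: frozenset) -> float:
    """Assumed measure: Jaccard index of two n-gram sets (0.0 if both are empty)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

class Detector:
    def __init__(self, attack_samples, threshold=0.6):
        # Signature database built from known malicious insider payloads.
        self.db = [signature(p) for p in attack_samples]
        self.threshold = threshold

    def score(self, payload: bytes) -> float:
        """Highest similarity between this packet and any stored attack signature."""
        sig = signature(payload)
        return max((similarity(sig, s) for s in self.db), default=0.0)

    def classify(self, payload: bytes, honeypot_verdict) -> str:
        if self.score(payload) >= self.threshold:
            return "malicious"            # matches a known attack signature
        # Unknown packet: the honeypot decides. honeypot_verdict is a hypothetical
        # callback returning True when the traffic misbehaved inside the honeypot.
        if honeypot_verdict(payload):
            self.db.append(signature(payload))   # self-learning step
            return "learned"
        return "benign"

# Constructed sample data (not real traffic).
ATTACK_SAMPLES = [b"EXPORT TABLE payroll TO /mnt/usb/dump.csv"]
PACKETS = [
    b"EXPORT TABLE payroll TO /mnt/usb/dump2.csv",   # variant of a known attack
    b"GET /intranet/lunch-menu.html",                # ordinary request
    b"ARCHIVE /srv/hr/records SEND mail-relay",      # new attack type
    b"ARCHIVE /srv/hr/records SEND mail-relay2",     # variant of the new type
]

def demo():
    det = Detector(ATTACK_SAMPLES)
    # Stand-in for honeypot observation: flags payloads that touch a decoy path.
    verdict = lambda p: b"/srv/hr/records" in p
    return [det.classify(p, verdict) for p in PACKETS], len(det.db)

if __name__ == "__main__":
    print(demo())
```

The fourth packet is flagged only because the third was learned through the honeypot path; a detector built from `ATTACK_SAMPLES` alone scores it below the threshold.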