Research On Technology Of Malicious Code Capture

With the appearance of Internet technology, the society gradually has developed into the Internet age. Internet technology promotes the spread of information and speeds up the development of the society. With the prosperity and development of Internet technology, the number of Internet users have proliferated and all kinds of the application of Internet technology has made modern life more convenient. But with the development of Internet technology, Internet security problem also gradually exposed, especially the threat of malicious code.In this paper, the technology of malicious code capture is studied based on honeypot technology. Firstly the principle of honeypot technology is introduced and the honeypots can be divided into high-interaction honeypots and low-interaction honeypots according to the difference in the process of the malicious code capture based on the honeypots. And based on the research on typical honeypots, the principle of the typical honeypot technology and the structure of the typical honeypots are studiedDue to the shortcomings in the practice of the malicious code capture based on the traditional honeypot technology, a method for malicious code capture is put forward combined with high-interaction honeypots and low-interaction honeypots. Based on the research on advantages and disadvantage of high-interaction honeypots and low-interaction honeypots, as well as the research on the transmission of the current malicious code, a method combined with high-interaction honeypots and low-interaction honeypots for malicious code capture is put forward, which is cluster and distributed. Both methods based on high-interaction honeypots and low-interaction honeypots are analyzed respectively in the paper. A method with the crawler technology also is put forward, which is based on high-interaction honeypots.Finally, a system for malicious code capture based on honeypot technology is designed and implemented, and the system framework and the function of the modules of the system are elaborated. The system is deployed separately in the LAN and the campus network for testing. Based on the analysis of the data from the experiment, the scheme and the design of the system are analyzed and summarized.