
Analysis Of Attack Based On Honeynet

Posted on: 2016-09-12
Degree: Master
Type: Thesis
Country: China
Candidate: S S Hu
Full Text: PDF
GTID: 2298330467492981
Subject: Information security
Abstract/Summary:
A honeynet generates a large number of raw alarms in a short time, and these contain many false positives, false negatives and redundant alarms. Moreover, because the raw alarms have low-level semantics and are independent of one another, they cannot give users intuitive and effective information. How to analyze the captured data in order to understand attack behavior is therefore one of the difficulties of honeynet technology.

An attack graph can identify the relationship between the fragility and vulnerability of systems and networks, simulate in graph form, from an attacker's perspective, all the attack paths that a system may be subject to, and compensate for the deficiencies of traditional alarm analysis. It is well suited to describing multi-step network attacks.

1) Through the study of attack graphs, the paper proposes using attack graphs to analyze attackers' behavior in a honeynet. This makes up for the failure of traditional alarm analysis to take the specific network environment into account.
2) Through the study of cluster analysis algorithms, the paper proposes applying an improved algorithm to the division and correlation of alarms.
3) Through the study of methods for generating attack graph coding sequences, the paper proposes a generation method based on the AG_DFS code. This method improves the DFS code, which can be used to code undirected graphs, making it applicable to attack graphs.

Based on the above studies, the paper designs a model that captures data and analyzes attackers' behavior based on a honeynet. The model is divided into two parts. The first generates attack graph coding sequences in the offline stage: an attack graph knowledge base is established and the known attack graphs are encoded as attack graph coding sequences, in preparation for alarm analysis. The second is online alarm correlation: after refinement operations such as alarm preprocessing, alarms are correlated on the basis of AG_DFS coding sequences combined with network information and topological information.

The paper presents the design and implementation of a honeynet attack behavior analysis system based on attack graph coding sequences. A honeynet experimental environment was built, and the experimental results show that the system can effectively capture alarms and correlate them according to attack scenarios, which verifies the feasibility of the system.
Keywords/Search Tags: honeynet, attack graph, AG_DFS code, attack analysis