| Nowadays, Internet has been an integral part of people’s life. Since shopping online, Internet Finance and social online becoming more and more popular, people’s life is undergoing comprehensive and profound changes under the age of Internet. And leaking of privacy, network attack and exploits of vulnerabilities seem to be increasingly serious. The traditional network security models such as firewall, IDSs, anti-virus softwares and so on, which are based on the passive defense technology, can not adapt to the complex and volatile security vulnerabilities and attacking methods. In order to overcome this deficiency, researchers put forward honeypot technology based on the thought of active defense. The key value of honeypot is to expose sytem bugs actively, attract hackers’s invasion, capture the intrusion data, and then analyze why hackers invade, what hackers use to invade and how they do. With the analysis, the existing defense system can be strengthened effectively.Virtual honeypot, part of honeypot technology, is widely used due to its virtualization which reduce the cost of deployment and maintenance. With the development of information technology, attackers turn to client-side attack making use of client software bugs. And the traditional server honeypot is less useable since it just expose system bugs actively and waiting for invasion passively. Then client honeypot interacting with attcking source actively has been proposed which is mainly used to detect malicious websites and servers.This thesis firstly introduces the background of the study, and then research on the current status of Internet security. After that the basic concept of honeypot technology is illustrated, focusing on the fundamental principles and key technology of client honeypot. Based on the major open source client honeypot system, the author has done a comparative analysis about the structure of client honeypot system and the implementation techniques. The next part of the thesis describes the deployment strategy, the frame structure and the the detail of implement of Honeyspider Network2.0, an open source client honeypot which is chosen in the author’s engineering applications. Furthermore some related presentations about Hadoop platform are given out.And then a closed loop client honeypot system based on Hadoop is proposed in the thesis. The author explains the frame structure, core modules and the C-URL selection algorithm of that closed loop system. In order to manage the system remotely, the interfaces of Honeyspider Network2.0are expanded. At last, the practical engineering guide significance of the closed loop system is pointed out and the thesis summarizes the whole work and brings forth suggestion and view. |
PDF Full Text Request