| With the rapid development of the computer networks, more attack methods are found. Traditional network intrusion prevention technology, such as firewall, intrusion detection system, has been unable to cope with the endless attacks. And, all of these technologies are passive defense, and cannot defense attack of the attackers. Therefore, the paper combined with the International Scientific Cooperation Project of Zhejiang Province, to carry out research based on analysis of network behavior attacker crime prevention strategy, and proposed an active defense system archi-tecture based on analysis model of attack behavior. We apply the strate-gies of cyber crime prevention and techniques to the defense system, and built an active defense system to prevent crime, resist network attack.We first introduced the research background and status of the network attack behavior analysis and the network defense technology. Then we researched the usual network attacking methods and the traditional pas-sive defense methods in detail. Meanwhile, we points to the inadequacy of the passive defense methods. And we propose the active defense tech-nology, deeply analyzed the principle of several mainly active defense technologies, as well as defense mechanism which combined with more technologies.Secondly, we introduced a kind of the network attack behavior analysis model which is proposed in our international cooperation project. With deploy much high interaction honeypot system, we collect the data of the attackers’behavior, and analyze the attack behavior from the attacker’s purpose, the level of the attacker’s skill, and the possibility of attack beha-vior. Meanwhile, the corresponding responses are sending to the at-tacker and see if it is effective. So, we can get a set of effective attack preventio-n strategy. The model is applied to the active defense system, to provide the attack prevention strategies and a basis for how to choice the strategy.Thirdly, the objective of design and architecture of active defense sys-tem is given based on the above research, and the main module of the system is introduced in detail. Combined with the IDS, IPS and so on, and around the attack behavior analysis model, the system supplies for two lines of security defense to protect network from attacks. The model can filter part of attacks before the attacker intrudes into system, so the system can reduce the cost of defense, and improve the efficiency of de-fense.Finally, the key modules of the active system are implemented with the software and hardware. And the simulation experiment is done to verify the effectiveness of the system. |
PDF Full Text Request