Research And Application Of Network Attack Defense Technology Based On Honeypot

Today there are more and more development in the network,increasing the efficiency of the dissemination of information,the scope of influence are increasingly being used,network security has been much more important,network security has two types:one is the network information security;another is the network devices security.LAN with high efficiency transmission performance,low-cost investment,has spread to all place.With the rapid development of the Internet in recent years,viruses,Trojans,worms and malicious users have been concerned about the LAN,because the control of data from the outside is very strict for general corporate firewall,a configured local area network usually can not be hacked from the outside or penetrate into the opposite network,but the data inside the firewall will be trusted in the default mode,that make hackers attack from inside the firewall can not be stopped by any LAN security policy,these are key factor of the LAN security risks.For the LAN information security there is a system based on honeypot and access control.The system has two parts:the honeypot system and access control system.Honeypot is a system whose value is being probed,attacked and destroyed,it' s a system which we can use to observe the behavior of the hackers.The system is designed to attract the hackers from the valuable system,which can provide early warning of network intrusion,and can provide means of attacks being recorded and analyzed.Honeypot is the main technology of Intrusion Detection System,which can reduce the possibility of attacks to valuable network,can provide more detailed data of the attackers,can strengthen the defense of valuable network.Access control system is a system which control LAN network devices accessing network resources.The system establish a security device library for LAN network devices,which judge and refuse network devices outside of the LAN according to the database of the security device library,induced hacker found and attack virtual honeypot system,and protect the valuable information in the LAN.Honeypot system have different types according to different classifications,we use mixed virtual honeypots which can guarantee complete functionality and reduce maintenance difficulty-Network device exclusion system is using the network proxy selection mechanism,which use a host as a proxy,and does not require another host to setup proxy host.In the actually invade testing,the system mark hacker ' s device identification,isolate the device accessing to the real network,open their access to the honeypot system,the hacker can only interact with the honeypot system,the design requirements is complete.