Research On Network Attack Behavior Analysis And Forensics Technology Based On Virtual Honeypot

Posted on: 2020-01-20
Degree: Master
Type: Thesis
Country: China
Candidate: H Zhang
GTID: 2428330572983551
Subject: Communication and Information System

Abstract/Summary:
With the rapid development of the Internet, cyber crimes brought by various cyber attacks are becoming increasingly rampant. How to effectively curb cyber crime has become a hot issue for more and more academics. Traditional network security technology is mostly limited to defending against network attacks, and it is difficult to collect and analyze evidence of those attacks. When a network system is attacked, network managers are often helpless against the attacker, and it is difficult to find traces of the intrusion. Virtual honeypot technology can collect network attack data, and the captured data can be used for network attack behavior analysis and network forensic analysis. To establish a good network security system and to solve the difficulty of obtaining and analyzing network attack evidence, it is of great significance to conduct in-depth research on network attack behavior analysis and forensics technology based on virtual honeypots.

In this thesis, virtual honeypot technology is studied in depth, and the important role of the virtual honeypot in capturing network attack data is analyzed. A comparison of the commonly used network attack behavior analysis techniques finds that machine learning algorithms have better applicability in network attack behavior analysis. The popular machine learning algorithms K-nearest neighbor, C4.5 decision tree and Naive Bayesian are validated through experiments. The results show that these three machine learning algorithms have better applicability in network attack behavior analysis: they classify and recognize network attacks well, and K-nearest neighbor gives better detection.

At the same time, this thesis analyzes the shortcomings of existing network forensics technology, proposes a network forensics method based on fuzzy association, and expounds its feasibility and superiority in network forensics. The KDD CUP99 data set is used to validate the intruder's attack process, and the forensic analysis is realized. Moreover, compared with the traditional network forensics method based on Apriori association rule mining, the proposed method avoids data redundancy, produces more valuable rules for network forensics, and occupies less physical memory.

On the basis of the above research, this thesis designs a network attack behavior analysis and forensics system based on a virtual honeypot. Experiments verify that the system can capture network attack evidence, classify and identify network attack behavior, reconstruct the network attack process, and perform forensic analysis that traces the attacker's IP. It has good practicability and application value.
Keywords/Search Tags: Virtual honeypot, Network attack behavior analysis, Machine learning, Network forensics, Fuzzy association