
Intrusion Detection Visualization System Based On Virtual Honeypot

Posted on: 2020-05-19
Degree: Master
Type: Thesis
Country: China
Candidate: B Y Zhang
Full Text: PDF
GTID: 2428330578967308
Subject: Software engineering
Abstract/Summary:
With the rapid development of the Internet, computers and networks have been integrated into all aspects of society. With the continuous expansion of sharing, openness and network scale, network security issues are becoming increasingly serious. A virtual honeypot is a technology deployed on virtual machines or physical hosts that actively lures attackers into attacking it so that information related to the attack can be recorded. Intrusion detection technology inspects network data against a rule base, so it can only detect known attacks passively. Honeypot technology can actively capture network flows, which makes up for the intrusion detection system's inability to detect unknown attacks. Intrusion detection system visualization is a new network security data analysis technology that combines intrusion detection technology and visualization technology. It has the advantages of a visual interface, easy detection of network anomalies and attacks, and improved user perception.

First, based on the development status of intrusion detection technology, honeypot technology and visualization technology, and on the merits and disadvantages of systems completed by other experts, this paper designs an intrusion detection visualization system based on a virtual honeypot. Honeyd is used to construct the virtual honeypot, which realizes the data acquisition function of the system. The anomaly detection module is built on Snort, which realizes the basic detection function of the system. According to the characteristics of network security and network flows, the K-means algorithm is used to cluster network traffic, and then the Apriori algorithm is used to mine rules from some of the network flows after clustering. The algorithm results are transformed into Snort rule syntax and stored in the system's rule base, which realizes dynamic updating of the rules. Finally, HTML5 + CSS + jQuery is used to build the front-end pages, and the SSM framework is used to build the back end, realizing the system's functional interface and visual effects. The system is managed through web pages, so that the user can interact with it to view detailed information about the virtual honeypots and intrusion attacks from the web interface, along with network traffic statistics, algorithm analysis, and other subsequent processing.
Keywords/Search Tags: Intrusion detection system, Honeypot technology, Data mining, Clustering algorithm, Association rule algorithm