Design And Implementation Of Network Security Defense System Based On Honeypot Technology

With the development of science and technology,the Internet has become more and more popular,people are increasing dependency on computer networks.With the preferable convenience,the Internet also brings us unignorable security issues,e.g.,hacker attacks,malicious codes,etc.In view of network attack behaviors,traditional defense methods,such as firewall technology,encryption and decryption technology,identity authentication technology and access control technology,can reduce the damage brought by network security threats to some extent.However,these network security technologies are passive defense,and increasingly unable to meet the needs of today's information security.Honeypot technology is a kind of active defense technology,it can deploy highly monitored resources in the network.Honeypot can actively collect information of attackers,analyze and process attack information in order to understand the attacker's motivation and purposes in a timely manner.Applying honeypot technology in the field of network security can solve the problem of traditional security technology to a certain extent.Based on this,the thesis designs and implements a network security defense system based on Honeypot technology.The main works are as follows:(1)Analyzes current situation of network security,and points out the problems in the field of network security,then intruduces the Honeypot technology and analyze the advantages and disadvantages of different types of Honeypots.Starting from this,the idea of combing two types of Honeypots to contruct the system is proposed.(2)Perform a demand analysis on the system,the detailed design and implementation of the system are given.Considering the Honeypots are easily exposed with a static configuration,the system uses scanning results of surrounding network environment to configurate low-interaction honeypot,and uses redirection technology to forward some access traffic to virtual high-interaction honeypot for further interaction information.Meanwhile,the system employs honeynet gateway and traditional network security technologies to ensure the system itself does not threaten the network.(3)Perform detailed tests on different modules of system.The experimental results show that the system can operate normally,and the idea of combines two types of honeypots indeed can exploit the advantages of honeypots,and can deceive attacker and delay attacker's attack,and can capture the detail information of the attacker's behavior.