Design And Implementation Of Honeypot Capture System For Internet Of Things Terminal Devices

With the continuous development of Internet of things technology,the application of Internet of things is becoming more and more mature and expanding,corresponding to the rapid increase in the number of Internet of things devices.However,with the rapid development of the Internet of things,people are facing increasingly serious security problems.The intruders use the defects of the Internet of things devices to launch large-scale network attacks,resulting in many Internet of things devices can not be used normally,which has a serious impact on the stability and security of the network,and directly threatens people's life and property security.The security threat of Internet of things devices is very serious,so it is very important to improve the security of Internet of things devices.This thesis first investigates and analyzes the current situation of the security protection technology of the Internet of things terminal equipment,and then from the characteristics of the Internet of things terminal system,combined with the honeypot technology for network defense,designs and implements the honeypot capture system for the Internet of things terminal equipment.The system mainly includes four core modules: system configuration module,remote login module,attack operation module and reverse osmosis module.Among them,the function of the system configuration module is to complete and update the necessary configuration of the honeypot system.The function of the remote login module is to verify the attacker's remote login process.The function of the attack operation module is to execute the command to the honeypot to implement its attack intention.And the function of the reverse osmosis module is to complete the reverse osmosis process to the attacker's host.Furthermore,this thesis implements honeypot system based on different communication protocols,including the honeypot system of Internet of things terminal based on telnet protocol and the honeypot system of Internet of things terminal based on SSH protocol.Two honeypots with different protocols use socket network programming to realize network communication and establish the normal connection between attacker and honeypot.By simulating the Internet of things terminal environment,the honeypot system opens common ports and runs corresponding services,luring the attacker to actively establish a port connection with the honeypot,deceiving the attacker to log in the honeypot system with a remote weak password,and carrying out the intention of attack on the honeypot.At the same time,the honeypot can use its own scanning tool to reverse scan theintruder's host,obtaining the running service and port of the intruder's host,and then try to log in the intruder's host in reverse,downloading and executing the backdoor program after the login is successful to control the intruder's host.The honeypot system can completely record the attacker's behavior,such as the attacker's IP address,MAC address and the executed command.Honeypots based on different protocols provide attackers with a variety of communication ways to establish connection,enhancing the system's deception ability,and helping to capture a wealth of attack samples.The honeypot system designed and implemented in this thesis can not only provide more available attack sample data for security personnel,but also upgrade the passive defense mode of the traditional honeypot to the active defense mode,realizing the reverse osmosis to the attacker's host,and improving the security protection ability of the Internet of things terminal.