
Research On Intelligent Active Defense Technology Based On Virtual Honeypot

Posted on: 2022-07-21
Degree: Master
Type: Thesis
Country: China
Candidate: X M Mu
GTID: 2518306335486854
Subject: Computer application technology
Abstract/Summary:
With the rapid development of Internet-related technology, network attacks now take many forms. Relying only on traditional passive network security defenses such as firewalls, digital signatures, virus protection and security scanning can no longer meet today's demand for information security. To solve this problem, honeypot technology based on an active defense strategy has been proposed and is widely used in network security defense. A honeypot uses deception to trap hackers by deploying services and resources as bait. From what it captures, it analyzes the hacker's attack path, purpose, means and tools, so that defenders understand the threat situation they face and can take targeted protective measures, giving the defense an active role. A virtual honeypot is a kind of honeypot in which the systems and services are simulated virtually, which greatly reduces deployment and maintenance costs, so it has been widely adopted.

This paper studies intelligent active defense technology based on virtual honeypots. Building on the development status of honeypots, their basic concepts and related technologies, and the clustering algorithms used in data mining analysis, it analyzes the basic principle, process and defects of existing virtual honeypot technology. It introduces redirection technology to improve honeypot data capture, and introduces blacklist, whitelist and protection list technology to improve honeypot data control. To make the data analysis function more accurate, the advantages and disadvantages of the traditional K-means clustering algorithm are analyzed, and an improved Canopy-K-means clustering algorithm based on LOF outlier detection and filtering is proposed for data analysis.

Finally, following the above design requirements, experimental simulation and analysis show that the intelligent active defense system based on virtual honeypots can effectively capture and control attacks on the virtual honeypot system. Compared with the traditional K-means algorithm, the improved Canopy-K-means clustering algorithm based on LOF outlier detection and filtering is faster, has a lower false alarm rate, and is more suitable for analyzing the captured results.
Keywords/Search Tags: Virtual Honeypot, Data Capture and Control, Outlier Detection, Cluster Analysis