In recent years, people have become increasingly dependent on the internet for both work and personal life, resulting in a complex network environment. The frequency of various malicious network attacks has also increased. Network security is a crucial concern for individuals, society, and countries alike. It is essential to enhance awareness and capabilities in network attack protection. Simultaneously, the methods of network attacks are continuously evolving, and the technical skills of attackers are consistently improving. Network attack tools are becoming more automated, and attack costs are decreasing. The growing number of open-source attack tools lowers the entry threshold for the hacking industry. Traditional passive defense techniques have limitations when dealing with unknown attacks. To address this challenge, this paper primarily investigates network intrusion detection methods based on honeypot technology, combining active and passive defense technologies to achieve accurate and effective network security protection. This study introduces the theory of intrusion detection and honeypot technology. Based on this foundation, a Honeypot-based Intrusion Detection and Signature Generation System (H-IDSGS) is designed. The paper discusses the construction and principles of H-IDSGS’s key components and then demonstrates the implementation effectiveness of each component in intrusion detection accuracy and attack signature generation through experiments. Firstly, to address the uncertainty and noise of data captured by the honeypot, this paper proposes an unsupervised anomaly detection method based on autoencoders to analyze the honeypot data. After deploying the experimental environment for this method, experimental verification is conducted on the CICIDS 2017 and NSL-KDD datasets. The experimental results indicate that this method effectively detects unknown attacks and improves accuracy to some extent. Moreover, an attack signature generation method is proposed, capable of generating signatures for detected attacks and periodically updating them to the Intrusion Detection System (IDS) signature database, thereby enhancing the detection capabilities for unknown attacks. To implement attack signature generation, an attack signature generation algorithm based on Generalized Suffix Trees (GST) and Longest Common Substring (LCS) is proposed. A honeypot-based intrusion detection experimental environment is established, and various network attacks are simulated using tools. Experimental results demonstrate that the attack signature generated by the algorithm effectively improves the IDS’s detection capabilities for unknown attacks.
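
As an added illustration (not the paper's code), the sketch below derives a candidate content signature as the longest substring common to a group of honeypot-captured payloads. It finds the LCS by binary search over the length with set intersection, not with the generalized suffix tree the paper proposes; the payloads, function names, minimum length and benign-traffic check are assumptions made for the example.

```python
# Added example: LCS-based signature candidate from honeypot payloads.
# Swapped-in technique: binary search on length + set intersection,
# NOT the generalized suffix tree (GST) described in the abstract.

def substrings(data: bytes, length: int) -> set:
    """All distinct substrings of exactly `length` bytes."""
    return {data[i:i + length] for i in range(len(data) - length + 1)}

def common_of_length(payloads: list, length: int) -> set:
    """Substrings of `length` bytes that occur in every payload."""
    common = substrings(payloads[0], length)
    for payload in payloads[1:]:
        common &= substrings(payload, length)
        if not common:
            break
    return common

def longest_common_substring(payloads: list) -> bytes:
    """If a common substring of length L exists, one of length L-1 does too,
    so the largest feasible L can be found by binary search."""
    if not payloads:
        return b""
    lo, hi, best = 1, min(len(p) for p in payloads), b""
    while lo <= hi:
        mid = (lo + hi) // 2
        found = common_of_length(payloads, mid)
        if found:
            # Tie-break: earliest occurrence in the first payload.
            best = min(found, key=payloads[0].find)
            lo = mid + 1
        else:
            hi = mid - 1
    return best

def generate_signature(payloads: list, benign: list, min_len: int = 8):
    """Return a signature, or None if it is too short to be specific or
    also occurs in benign traffic (assumed false-positive guard)."""
    sig = longest_common_substring(payloads)
    if len(sig) < min_len or any(sig in sample for sample in benign):
        return None
    return sig

# Constructed sample data, not captured traffic.
CAPTURED = [
    b"GET /index.php?id=1&cmd=CONSTRUCTED-MARKER-7f3a HTTP/1.1\r\nHost: a\r\n",
    b"POST /login HTTP/1.0\r\nX-Data: CONSTRUCTED-MARKER-7f3a\r\n",
    b"GET /a?x=CONSTRUCTED-MARKER-7f3a&y=2 HTTP/1.1\r\n",
]
BENIGN = [b"GET /favicon.ico HTTP/1.1\r\nHost: example.test\r\n"]
```

The benign-traffic check matters because payloads that share only protocol boilerplate yield an LCS such as ` HTTP/1.1\r\n`, which would match nearly all legitimate requests if loaded into an IDS.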