Research On Use Of Honeypot In Defending Network Service Attack

At present, Internet is growing rapidly and the online world is developing at an unprecedented rate. Correspondingly, the network security problems are also increasing explosively. More and more people's life depends on network services, such as online banking, e-commerce and so on. Various types of Internet attacks targeting Internet, such as viruses, hacker attacks, and malicious e-mail, have spread and network security has become one of the major challenges.There are a variety of technical means for the implementation of the network security and Honeypot system is one of them. The core idea of the honeypot system is to simulate virtual hosts and provide sorts of virtual network services. When viruses or network attacks attempt to steal network resources or destroy network security, the real host and valuable resource actually are not damaged. Meanwhile, the attacks from the hackers and viruses are blocked. The highly interactive honeypot system can even break these attacks by communicating with network attacks and viruses to analyze behaviors of attackers.This article firstly describes the background, design thinking and key components of the honeypot system. After interpreting sorts of attacks used on the internet and network security techniques, the article will focus on describing how to extend FTP and SMTP network protocol function to make virtual services attract and analyze attacks better when using honeypot system source project Honeyd. In the meantime, we analyze the shortcoming of taking use of template to configure scripts statically. After that, we combine Honeyd with the principle of generating rules of the network intrusion detection system; offer a creative way to invoke scripts dynamically based on rules and update rule libraries automatically. Meanwhile, we design and implement log file monitoring tool to send out real-time warnings.At the end of this article, we make some experiments about how to capture network attacks and worm viruses and analyze the experimental results in detail. The results show that honeypot play a significant role when you take use of extension of network services and dynamic call of the scripts.