| As one of modern network defense technologies, honeypots play a more and more important role to monitor and track intruder's behavior, analyze intruder's attack tools, methods and goals and so on, it is similar to a network trap, bring enormous restrictions to the attack for aggressor. Along with honeypots'widespread applications, more and more organizations and individuals begin to study the so-called anti-honeypot technologies. For attackers, they hope to attack other system's resources and protect their attack technologies, so they carry on the research and experiment of anti-honeypot, and development effective anti- honeypot tools. For the honeypot deployers and maintainers, they also carry on similar researches of anti- honeypot, their goals are to discover the honeypots'weak joints, in view of these weak joints to perfect their honeypots, make their honeypots more safer and reliable more, so that the system resources can obtain more effective protection. Meanwhile, honeypot deployers and maintainers also need to study aggressors'anti-honeypot technologies, conducts the so-called anti-anti-honeypot research. All these battles may sum up as the both sides contest of honeypot and the anti-honeypot, and this game has just gegun.The research of anti-honeypot has the important practical significance in safeguarding the interests of our country's network space, completing the preparatory work of the incoming information war under high-tech condition ahead of schedule. Moreover, overseas have already started the search of anti-honeypot technology and achieved slightly achievement, but still has no literature to indicate that there have domestic organizations or individuals already started the systematic research on anti-honeypot.This article first has done the thorough research and experiments to the overseas anti- honeypot technology, analyzed honeypots'function structure and their network layout characteristic, pointed out the possible identification points, according to these points obtain two kind of identification strageties: the network level and the system level identification, match these two kinds of identification strategies and the corresponding honeypot type establishing the honeypot identification game tree model(GTIM). Finally, design and implement the"Anti-Honey pot Tool"for identification honeypot, which is on the base of identification model GTIM and reference to the experiment we have done on honeypot identification. Builds the... |
PDF Full Text Request