Research And Implementation Of The Key Technologies Of Honeypot System Based On Agent

As a dynamic security defensive mechanism, honeypot can improve effectively entire safety of the network. Analyzing current honeypot technology, we bring forward a novel honeypot system model based on agent(DHBA) which solve some key problems of existing honeypot technology and design and implement key technologies of new model. Our work focuses on the following contents:Firstly, we deeply research the system principle and architecture of the existing honeypots, and know the merit and the insufficiency of them, then present clearly the key problems of honeypot.Secondly, This paper presents a novel distributed honeypot system model based on agent. The model is defined via nine elements and is composed of five key components. By introducing a distributed framework, the honeypot system is scalable and the deployment is easy. It can expand the detection scope and reduce the risk of intrusion in each subnet, at the same time, the imported risk by honeypot can be controlled conveniently. The model is suitable for different scales of network environment, and is an all-purpose model of Honeypot.Thirdly, we research detailedly the design thought and the implement method of Redirector Agent, present a novel method of service redirection base on the network simulation. The distributed deployment of the honeypot is easy with the technology, it makes for detecting more fast correctly the attacks and collecting the attack data in each subnet, and controls effectively attack activities.The fourth, we design distributed honeynet system base on DHBA. A method of distributed architecture and centralized deployment is used in the system, it is suitable for the large scale of network environment, and convenient for resource sharing and the attack control.At last, the prototype of the distributed honeynet system base on DHBA is implemented. The results of testing indicate the prototype reduces the risk of real host which is under attack, it can detect more fast correctly the attacks and collect the attack data in each subnet, cheat primely and even prevent the attackers, and it is suitable for the large scale of network environment.Our work has been applied in the project of 'Distributed Network Monitoring and Warning System' (2003AA142010), which provides convenient tool and measure to identify and research efficiently network attack.