| Along with the continuous development of internet, people feel the great convenience brought by the internet, but is also trapped in the increasing Internet safety problems, such as worm,trojan,virus,botnet and so on. How to detect and caputure these instrusions has become a most important issue in the field of network security.The Intrusion detection technology and the firewall technology,as a passive defense technology have been used widely.However,with the development of network security technology and the growing demand of network security, the traditional passive defense technology can't satisfy people's needs now.As a result,the honeypot technology,as an active defense technology,has been used more and more.A honeypot is a kind of network resource, like the trap in the internet and its value lies in attracting,caputuring and monitoring the malicious traffic.However, most of honeypot systems still have the problems of single function, low capture capacity and high false positive. So how to attract and monitor more attack, capture more malware is our focus in the paper.The new type of comprehensive and scalable honeypot , CPot(Click-based honeyPot),is based on the ideas of honeypot,network telescope and intrusion detection. Through intercepting the network traffic to the unused IP addresses and forwarding them to the high interactive honeypots for further processing, we can capture the malware samples, malicious traffic and activities.In a word,CPot can attract network attack,monitor the attack and capture the malicious code and network traffic.Compared with HoneyBow, the traditional high interactive honeypot, CPot has the advantages of much more powerful malicious traffic capture ability, more complex functions and safer mechanics. The experiment of half a year has proved the capability of CPot. |
PDF Full Text Request