| Network security attack and defense is gradually shifting from known threats to unknown ones. In the contest with the attacker, whether unknown threats can be detected in time becomes the key to security protection. However, the security protection of most enterprise networks is concentrated at the network boundary and relies on passive defense technology, so awareness of new types of attacks and unknown threats is insufficient. This thesis analyzes in detail the security shortcomings of enterprise intranets and common threat behaviors. Based on honeypot technology and spoofing technology, it proposes a framework and overall architecture for an intranet threat awareness system. We then design and implement a number of forgery and deception techniques, including port information camouflage, storage voucher forgery, and authentication session forgery. A variety of honeypots are presented, such as interactive honeypots and low-interaction honeypots through port redirection, and we implement Windows honeypots that can safely capture the WannaCry ransomware. Using the ELK Stack, security logs are collected, aggregated and visualized. In addition, a simulation environment and integrated attack tests were used to verify that the intranet threat awareness system can effectively detect attack events and display security events in real time. Our research effectively enlarges the collection surface of honeypots, significantly covers multiple types of information systems, and increases the likelihood that honeypots capture attacks. It can also adapt to different business intranets through virtualized deployment and port redirection, which reduces the cost of deploying and maintaining honeypots. Meanwhile, log summarization and visualization greatly improve the efficiency of security event analysis, which gives the work good practical value. |