Application on Honeypot in Intrusion Detection System

【Author】 Hu Zhengfang (胡征昉)

【Advisor】 Pan Hao (潘昊)

【Author information】 Wuhan University of Technology, Computer Application Technology, 2007, Master's

【Abstract】 With the rapid development of the Internet and the arrival of a networked society, the Internet has opened to commercial users and the general public, and network traffic and business volume have grown like a rolling snowball. At the same time, because of security flaws in the Internet itself, network security incidents such as hacker attacks, intrusions, and leaks of sensitive information are increasing rapidly. Existing security measures are mainly based on known facts and known attack patterns and rely on passive defense, which struggles to cope with complex and constantly changing attacks. How to turn the network security defense system from static to dynamic, and defensive measures from passive to active, is a new research topic. A more active and effective information security technology is therefore gradually coming into view: the honeypot.

The honeypot is a new area of network security. It lures intruders into attacking a system built with obvious security holes and, during the attack, records in detail the intruder's motives, methods, and tools. From the collected information we can analyze the latest techniques intruders use and discover security holes in the system, so that existing problems can be fixed promptly. The thesis analyzes in detail the principles, structure, characteristics, design, and implementation of honeypots, and builds a virtual honeypot system to demonstrate their functions. It covers the following aspects.

First, it introduces the origin and development of honeypots and their definition and classification, analyzes their security value, and discusses the advantages and weaknesses specific to honeypots compared with other security tools.

Second, it analyzes the technologies involved in honeypots, including disguise, information collection, risk control, and data analysis.

Third, after an in-depth examination of traditional and cutting-edge honeypot technology in China and abroad, it summarizes the main technical difficulties and defects of honeypot technology. Following a problem-then-solution approach, it proposes an extension of existing honeypot technology: a comprehensive solution that combines it with other information security technologies. A security defense system combining a honeypot with an IDS is designed, and its implementation is described in detail.

Fourth, it presents functional and performance tests of the honeypot system. The author built a virtual honeypot system and tested it with common attack methods; the results met the expected design goals.

Theoretical argument and experimental verification lead to the conclusion that a honeypot can confuse attackers, divert them from their real targets, consume attacker resources, and reveal system vulnerabilities and new attack methods. Used together with existing network security measures such as intrusion detection systems and firewalls, it can effectively improve system security.

【Key words】 honeypot; intrusion detection system (IDS); network deception; network security
  • 【Classification number】 TP393.08
  • 【Times cited】 7
  • 【Downloads】 412