分布式蠕虫蜜罐部署策略分析

Research on the deployment strategy ofdistributed honeypot based on Internet worm detection

蜜罐的捕获能力来自于其数量和分布位置,在同一网络拓扑中,运用合理的部署策略,可以部署最少的蜜罐,在最短的时间内捕获到蠕虫样本。本文讨论了蜜罐以及蠕虫扫描策略的研究内容,对红色代码蠕虫进行了深入的分析,根据随机扫描扫描策略建立了蜜罐部署策略模型,针对红色代码这种网络蠕虫的扫描策略,在模拟环境下对蜜罐部署策略进行了验证。

The capture ability of honeypot comes from its number and the distributed places. In the same network topology, by using proper deployment strategy,the number of honeypot and the worm capturing time can both be minimized. Here we discuss the re-search content of honeypot and the scan strategy of the internet worms ,and analyze the principium of RedCode worm, we also estab-lish a honeypot deployment strategy model based on network worm scan strategy.Finally,we validate the honeypot deployment strategy against RedCode worm scan strategy int network simulation environment.