Abstract
Based on the architecture, simulated routing topology, configuration commands and logging functions of the virtual honeypot framework Honeyd, a virtual honeypot system called HoneypotV was designed and deployed in a real network environment. The system builds honeypots by simulating the operating system's TCP/IP stack, and it simulates operating systems using the same fingerprint database as Nmap or Xprobe in order to respond to network requests directed at the virtual honeypots. It provides several functions: deception and decoy, behavior control, intrusion detection, passive probing and data analysis. Experiments confirm that the system achieves its intended goals.
Source
Ordnance Industry Automation (《兵工自动化》)
2007, Issue 1, pp. 54-55, 60 (3 pages in total)
Funding
Supported by the Guizhou Provincial Science and Technology Fund (黔科通2005-8, "Research on TCP/IP Security of IPv6 Internetworks")
Keywords
Virtual honeypot
Routing topology simulation
Command configuration
Logging