Abstract
Network forensics is a popular dynamic security technology. It takes an active approach to collecting evidence of intrusions and tracing their source, and so helps prevent network intrusion effectively. This paper analyses the basic principles of network forensics and the characteristics of honeypots, applies honeypot technology to network forensics, and presents a honeypot-based network forensics system together with its system model and network topology. Each module is analysed and an implementation method is given. Working in cooperation with honeypots, the system collects intrusion evidence in real time, accurately and comprehensively, and reconstructs the intrusion process from that evidence.
Source
《微计算机信息》
2009, Issue 3, pp. 161-163 (3 pages)
Control & Automation
Funding
Henan Province Science and Technology Development Plan Research Project (072300410210)
Keywords
network forensics
honeypots
forensic model
forensic analysis