Design of a worm isolation and unknown worm monitoring system based on Honeypot

Abstract

It has been proved being cumbersome and ineffective to prevent attacks in computer networks. However, the detection strategies have been found to be effective and less costly. The use of Intrusion Detection Systems (IDS) as a detection technique has been widely implemented in computer networks. Meanwhile, there is another strategy can reduce the occurrence of network intrusion, namely Honeypot. Honeypot is a proactive defense technology, introduced by the defense side to change the asymmetric situation of a network attack and defensive game. Through the deployment of the honeypots, i.e. security resources without any production purpose, the defenders can deceive intruders to attack the honeypots, then capture and analyze the attack behaviors in order to understand the attack tools and methods, and to learn the intentions and motivations. The paper analyzed the characteristics and the harms of worm virus, put forward a kind of custom honeypot system. Which according to the intrusion detection, virtual honeypot and data mining technology, using guile address space technology for the purpose of capturing known worms, isolating and delaying the unknown worms scanning speed, and analyzes the log by data mining, update the intrusion detection system rules set, and make timely response and take defense.