Journal of Shanghai Jiao Tong University (Natural Science Edition) ›› 2012, Vol. 46 ›› Issue (02): 289-295.

• Automation Technology, Computer Technology •

Intrusion Prevention System Based on Diskless Honeypot

YE He-Tian, CAI Yun-Zhang

  1. (Department of Information and Communication, Southern Taiwan University, Tainan 71005, Taiwan)
  • Received: 2010-05-21 Online: 2012-02-28 Published: 2012-02-28

Abstract: A honeypot system running in a diskless environment is built with DRBL (Diskless Remote Boot in Linux) and combined with the strong intrusion detection and defense capabilities of an intrusion prevention system (IPS), so that the IPS can not only detect malicious activity but also trap it. When malicious behavior is detected, the system promptly warns the network administrators and immediately redirects the malicious behavior to the honeypot. Through its interaction with the malicious behavior, the honeypot records in detail the activity, the intrusion method and the intrusion channel, which network administrators can consult when they later patch and update the system. This can greatly reduce system vulnerabilities and greatly improve system security.

Key words: diskless remote boot in Linux (DRBL), honeypot system, intrusion prevention system (IPS)

CLC number: