Abstract: The plan is mainly based on DRBL (Diskless Remote Boot in Linux) to establish diskless Honeypot system and integrate
intrusion prevention system(IPS) superior invasion examination and defense capability. It enables the IPS system not only to examine the malicious activity also to entrap the malicious attack. When examining the malicious act, it can warn network administrator immediately and guide the malicious act to Honeypot. By the interaction with malicious act, it can record its behavior, the invasion method and channel, provide the network administrator renewal to patch the system, reduce the system loophole and promote security largely.

Key words: diskless remote boot in Linux (DRBL), Honeypot system, intrusion prevention system (IPS)