基于Honeyd的恶意网页入侵检测

发布时间：2018-03-15 03:28

本文选题：蜜罐　切入点：honeyd　出处：《中国矿业大学》2014年硕士论文　论文类型：学位论文

【摘要】：随着计算机互联网技术的飞速发展，在计算机上处理业务已由单机处理功能发展到面向内部局域网、全球互联网的世界范围内的信息共享和业务处理能力。网络信息应经成为社会发展的重要组成部分。但是，由于计算机网络组成形式多样性、终端分布广和网络的开放性、互联性等特征，致使网络信息很容易受到人为攻击，，给社会造成损失。恶意网页是目前黑客最常用的一种攻击方式之一，攻击者通过各种途径利用木马甚至僵尸程序感染互联网上的大量主机，恶意网页对安全领域具有很大威胁。蜜罐技术是继防火墙、入侵检测技术之后的一种主动防御的安全技术。蜜罐技术的作用就是引诱黑客扫描和攻击，获取攻击者的信息以及他们的攻击技术,从而来提高网络安全防护和信息安全。 Honeyd是传统的服务器端蜜罐，只能被动地等待恶意软件扫描漏洞利用，下载恶意软件。本文提出了一种利用honeyd蜜罐，结合其他工具来主动检测恶意网页的新架构，该架构可以使honeyd主动访问恶意网页，可以更快速地收集恶意信息。并通过运用honeyd蜜罐技术、恶意网页追踪技术等，实现了恶意入侵行为的记录。本文基于现有的实验环境，利用强大的honeyd蜜罐技术,通过实际搭建系统并进行测试，来实现检测恶意网页入侵的行为。针对低交互客户端蜜罐honeyd在检测恶意网页的过程中容易被检测的缺陷，本文提出系统的改进，可以通过修改Vmware配置信息来加强蜜罐的隐蔽性，并通过实验来证明该技术的可行性。实验表明，蜜罐隐蔽技术的使用，可以深度伪装低交互蜜罐系统，从而提高了系统的安全性。
[Abstract]:With the rapid development of the computer Internet technology, the processing business on the computer has developed from a single computer processing function to an internal local area network. The worldwide information sharing and business processing capabilities of the global Internet. Network information should become an important part of social development. However, due to the diversity of the forms of computer networks, the wide distribution of terminals and the openness of networks, Interconnection and other characteristics make network information vulnerable to human attack, causing losses to society. Malicious web pages are one of the most commonly used attacks by hackers at present. Attackers use Trojan horses and even zombie programs to infect a large number of hosts on the Internet, and malicious web pages pose a great threat to the security field. The role of honeypot technology is to induce hackers to scan and attack, to obtain information and their attack technology, so as to improve the network security and information security. Honeyd is a traditional server-side honeypot, which can only passively wait for malware to scan for vulnerability exploitation and download malware. This paper presents a new architecture for actively detecting malicious web pages by using honeyd honeypot and other tools. This architecture can enable honeyd to visit malicious web pages actively and collect malicious information more quickly. By using honeyd honeypot technology, malicious web page tracing technology and so on, the malicious intrusion can be recorded. This paper is based on the existing experimental environment. By using the powerful honeyd honeypot technology, the behavior of malicious web page intrusion can be detected by setting up and testing the system in practice. Aiming at the defect that honeypot honeyd is easy to be detected in the process of detecting malicious web pages, this paper proposes the improvement of the system, which can enhance the concealment of honeypot by modifying the configuration information of Vmware. The experiment shows that the honeypot concealment technology can camouflage the low-interactive honeypot system in depth and improve the security of the system.
【学位授予单位】：中国矿业大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】