A Study on Honeypot Protection Technology Based on Rootkit
School: Zhejiang University of Technology

Keywords: honeypot; anti-honeypot; Rootkit; information security; network attack
Against the backdrop of increasingly frequent network security incidents, the honeypot, as an effective proactive-defense tool for capturing and analyzing intruders' information, is itself gradually becoming a preferred target for intruders. Based on an analysis of the main current honeypot and anti-honeypot technologies, the author proposes a Rootkit-based method to strengthen the self-protection of the honeypot system, and discusses how to hide and protect the honeypot system from four aspects: honeypot process protection, log data protection, anti-honeypot-scan defense, and honeypot process restart. The following tasks are completed in this paper:

1. The characteristics of Rootkit technology and the feasibility of applying it to a honeypot protection system are studied, concluding that Rootkit techniques can be used to hide the honeypot process; this establishes the approach taken in the research.
2. A model of intrusion-course intervention is presented, together with an intervention algorithm. A design for honeypot protection software based on Rootkit technology is also given, covering honeypot process protection, log data protection, anti-honeypot detection, and honeypot process restart.
3. A honeypot protection system, Honeypot-Protector, is implemented with the Visual C++ development tool in the Windows environment, then tested and analyzed.

The honeypot protection technology proposed in this paper can prevent the honeypot system from being easily attacked, captured, or identified by intruders. Even if the honeypot is captured, it effectively ensures that control of the host system is not easily taken by intruders; and even if system control is taken, the important data produced and recorded by the honeypot cannot be easily found or destroyed. This greatly enhances honeypot system security, maximizes the delay imposed on the intruder's attack, prevents a captured honeypot from becoming a foothold for attacking the next target, and offers a new research direction for the coming contest between honeypot and anti-honeypot technology.
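The abstract names log data protection as one of the four aspects but does not describe a mechanism. The thesis itself relies on Rootkit-style hiding in a Windows/C++ implementation; the example below is an added illustration, not code from the thesis, and demonstrates a complementary, purely defensive technique: a tamper-evident capture log in which every record carries an HMAC chained to the previous record, plus an off-host checkpoint so that truncation is also detected. The key, record format, and sample records are constructed assumptions for the demonstration.

```python
"""Tamper-evident honeypot log (added example, not from the thesis).

Assumption: the honeypot writer holds a secret key that an intruder does
not obtain merely by taking over the honeypot host (for example the key is
supplied by the analysis host per session). Each record's tag is an HMAC
over the previous tag and the record itself, so editing, reordering,
inserting, or deleting records breaks the chain; a periodic checkpoint
(record count, last tag) shipped off-host catches removal of the tail.
"""
import hashlib
import hmac
import json

GENESIS_TAG = "0" * 64  # tag assumed for the (non-existent) record before the first


def _tag(key: bytes, prev_tag: str, line: str) -> str:
    # Bind this record to its predecessor's tag to form the chain.
    msg = (prev_tag + "\n" + line).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def append_record(key: bytes, chain: list, record: dict) -> list:
    """Append one capture record; returns a new list of (json_line, tag)."""
    line = json.dumps(record, sort_keys=True, separators=(",", ":"))
    prev = chain[-1][1] if chain else GENESIS_TAG
    return chain + [(line, _tag(key, prev, line))]


def to_log_text(chain: list) -> str:
    """On-disk form assumed here: one 'tag<TAB>json' line per record."""
    return "".join(f"{tag}\t{line}\n" for line, tag in chain)


def from_log_text(text: str) -> list:
    chain = []
    for raw in text.splitlines():
        if raw.strip():
            tag, line = raw.split("\t", 1)
            chain.append((line, tag))
    return chain


def checkpoint(chain: list) -> tuple:
    """(record count, last tag); the writer ships this off-host periodically."""
    return (len(chain), chain[-1][1] if chain else GENESIS_TAG)


def verify_chain(key: bytes, chain: list, last_checkpoint=None) -> tuple:
    """Return (ok, reason). Checks every tag, then the optional checkpoint."""
    prev = GENESIS_TAG
    for i, (line, tag) in enumerate(chain):
        if not hmac.compare_digest(_tag(key, prev, line), tag):
            return False, f"record {i} fails tag check"
        prev = tag
    if last_checkpoint is not None:
        count, ctag = last_checkpoint
        if len(chain) < count:
            return False, f"log truncated: {len(chain)} records, checkpoint had {count}"
        if count and chain[count - 1][1] != ctag:
            return False, "records before checkpoint do not match checkpoint tag"
    return True, "ok"


# Constructed sample data (demo only).
SAMPLE_KEY = b"constructed-demo-key-not-for-real-use"
SAMPLE_RECORDS = [
    {"ts": "2024-01-01T00:00:01Z", "src": "198.51.100.7", "event": "ssh_login_attempt", "user": "root"},
    {"ts": "2024-01-01T00:00:09Z", "src": "198.51.100.7", "event": "cmd", "cmd": "uname -a"},
    {"ts": "2024-01-01T00:00:15Z", "src": "198.51.100.7", "event": "cmd", "cmd": "ls /opt"},
]


def build_sample_chain(key: bytes = SAMPLE_KEY) -> list:
    chain = []
    for rec in SAMPLE_RECORDS:
        chain = append_record(key, chain, rec)
    return chain


def demo() -> None:
    chain = build_sample_chain()
    cp = checkpoint(chain)
    text = to_log_text(chain)
    print("intact:   ", verify_chain(SAMPLE_KEY, from_log_text(text), cp))
    # An intruder with host control edits the captured command in record 1.
    tampered = text.replace('"cmd":"uname -a"', '"cmd":"ls"')
    print("edited:   ", verify_chain(SAMPLE_KEY, from_log_text(tampered), cp))
    # Deleting the last line leaves a valid chain; only the checkpoint reveals it.
    truncated = "".join(text.splitlines(True)[:-1])
    print("truncated, no checkpoint:", verify_chain(SAMPLE_KEY, from_log_text(truncated)))
    print("truncated, checkpoint:   ", verify_chain(SAMPLE_KEY, from_log_text(truncated), cp))


if __name__ == "__main__":
    demo()
```

The chain alone cannot distinguish "no more records were written" from "the tail was deleted", which is why the checkpoint must live somewhere the intruder cannot reach from the captured host; in a deployment that role would be played by the analysis host receiving (count, tag) pairs over the network.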