本篇論文整合了入侵偵測系統、蜜罐以及虛擬機遷移機制,將一個生產系統轉換成一個蜜罐,能夠克服上述蜜罐現有的限制。;Traditionally, enterprises have adopted passive defenses such as firewalls, intrusion detection systems and anti-virus software. These defenses usually rely on established rules to defend against known attack patterns. Faced with a new type of attack that has never appeared, these defenses will be completely useless.
Honeypot is an active defense that has emerged in recent years. By emulating a network service or a vulnerable environment, it attracts attackers to invade, thereby collecting information about attackers invading machines. Through this information, enterprise can understand the attack methods used by attackers and strengthen the weaker parts of the existing protection.
However, the existing honeypots have some limitations. For example, an attacker may detect the existence of honeypots, the information collected by honeypots is not close enough to the real situation, and the deployment of an unproductive honeypot requires additional resources.
This paper integrates intrusion detection system, honeypot and virtual machine migration mechanism to transform a productive system into a honeypot, which can overcome the existing limitations of honeypots.
