Research on Honeypot Protection Technology Based on Rootkit
Based on an analysis of the main current honeypot and anti-honeypot technologies, the author proposes a rootkit-based method for strengthening the self-protection of a honeypot system, and discusses how to hide and protect the honeypot system in four respects: honeypot process protection, log data protection, anti-honeypot scanning, and honeypot process restart. The honeypot protection technology proposed in this chapter keeps the honeypot system from being easily attacked, captured, and identified by intruders. Even if the honeypot is captured, it effectively ensures that control of the honeypot's host system is not easily taken over by intruders; and even if control of the system is taken over, the important data generated and recorded by the honeypot is not easily discovered or destroyed, which greatly enhances the security of the honeypot system. The chapter aims to slow the intruder's attack as much as possible, to prevent a captured honeypot from being misused as a stepping stone for attacks on the next target, and to offer a new research direction for the coming contest between honeypot and anti-honeypot technology. Experimental results show that the proposed honeypot protection technology can effectively protect against honeypot capture.