A study on attack information collection using virtualization technology

摘要

Internet is used in all sectors of society by rapid changes in computing technology and expanded internet prevalence. But due to opposite effect of this, malicious code and damage of hacking is growing rapidly and the technique is becoming various. Attacker's attack patterns and information should be collected in order to reduce the damage and cope more aggressively to attack. In this paper, we propose a system which build honeypot farm using created virtual machine dynamically by utilizing honeypot to collect attack information and virtualization technology. The created virtual machines are managed by VMSC and protocol-based intrusion detection system which shows stable performance in mass traffic to attacker's intrusion detection is applied. Measurement of attack attempt and attack detection rate was measured to confirm the performance of the proposed system in this paper and the result of good performance through experiment was confirmed.