The Design and Implementation of the Honeypot System Based on Spark

The rapid development of the Internet services has made our life convenient but also attracted a lot of attacks. How to effectively protect the security of large Internet sites is a hot research. Here is the idea of design: When the user visits, the DNS server resolves the IP address and the user can get access to the fortress machine based on the analyzing results. Fortress machine captures the data with Iptables log function. Spark invokes the captured data to do real-time analysis and identify users of potential threats according to fixed rules. Then the fortress machine redirects the user based on the analysis results. If a user has threats, it will be redirected to the honeypot, otherwise it will be linked to the protected system.The experiments show that using big data technology to analyze log files can improve the speed of information processing and efficiency of system protection; The system can extend residence time of illegal visitors in the honeypot system with the same Website and achieves the purpose of collecting more illegal visitor’s information and facilitating future analysis.