中文摘要：

针对当前密网部署中存在两个不足之处：一是如果黑客知道密网的存在，从而绕开它去攻击非密网主机，这样密网存在就没有价值；二是如果黑客利用攻陷的蜜罐去攻击外网主机，现在流行的办法采取密网网关来简单限制外出连接数，这存在两个致命的弱点：（1）少量的外出连接有可能造成危害，蜜罐被人误认为攻击者；（2）黑客知道自己被限制向外连接，那么密网就可能被暴露，更有可能利用错误消息迷惑密网部署者。文中提出两级重定向机制来弥补这两个不足之处。第一级重定向机制在非密网主机设置使对其攻击流定向到密网，第二级重定向机制把从蜜罐出去的攻击流定向到其它蜜罐。通过文中建立的模拟密网很好地实现了这两种机制，实验证明基于两级重定向机制的密网可以起到保护非密网主机的作用，限制对外入侵，同时能让黑客感觉不到它的存在。

英文摘要：

There are two defects in the current hone）net deployment. Firstly, if the hackers know of the existence of hone）net, thus bypassing it to attack non- honeynet host, so there will be no value;secondly, if hackers use compromised honeypot to attack the non- honeynet host, now popular way is taking network gateway simply to restrict connect on the number, there are two fatal weaknesses： （ 1 ） outside connections probably cause harm and honeypot maybe be mistaken for attackers; （2） hackers know that they were restricted from outside connections, then the hone）net could be exposed, are more likely to use error messages to confuse honey＇net deployer. Therefore recommand two - level redirect mechanisms can make up for deficiencies. First - layer redirect mechanism by setting up non - honeynet host to redirect attack stream to honeynet, the second - layer mechanism redirect attack stream from a honeypot to another honeypot.