中文摘要：

针对现有网络安全工具在入侵检测以及防护等方面的不足，提出了一个基于代理的分布式Honeynet模型DHMBA，并对其进行了形式化描述和分析。以此为基础设计和实现了基于DHMBA的分布式网络陷阱系统DHSBD。该系统通过分布在各子网中模拟网络的代理，将攻击重定向到伪装服务中，集中分析和监控攻击行为，扩大了系统的检测视野，降低了蜜罐引入的安全风险和部署维护的代价，减小了产品网络被攻击的概率，能有效地提高大规模网络的整体安全性。

英文摘要：

Aimed to the shortcoming of the intrusion detection and prectection, a novel model DHMBA （distributed Honeynet model based on Agent） is presented. DHMBA is introduced and analyzed using formal. Based on DHMBA model, a prototype system DHSBD （distributed Honeynet system based on DHMBA） is designed and implemented. The access to redirector Agent that simulates virtual networks for remote surveillance of the unused address space are redirected to disguise Service that is a aggregation of Honeypots offering simulative or real services. The system permits for recording and analyzing the intruder＇ s activities and using the results to take administrative actions toward protecting the network. The detection scope is expanded and the potential risk of Honeypots and cost of the deployment and maintenance are reduced. It is able to reduce the probability of attacks on production computers and improve effectively entire safety of the network.